dragon8161 (Honorary Members, 52 posts)
Everything posted by dragon8161

  1. Seems to be running fine, no auto load from Google Chrome, no freezing. Thank you for all your help. Sent a $20 USD donation to help stop malware. Confirmation number: 7TC87978PD4828527. dyndi_69@------
  2. Scan completed, no threats detected, no threat log created; only one log created. Auto log too large to post, attached in a RAR file.
  3. ESET Online Scanner completed after 6+ hours and said nothing found. Could not find the scanner log; below is the only log that was inside the ESET Online Scanner folder.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
  4. Yes, I let Spybot remove those entries. Sorry if I gave you the impression that I was asking for help with my internet speed; I was just pointing out that two of the symptoms I thought were caused by Incredibar are now being reported on Mozilla forums as programming conflicts. I am happy that you are helping me and will continue to follow your directions until you declare my computer safe. ComboFix log is posted below.
ComboFix 12-06-28.03 - Owner 06/30/2012 8:31.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6202 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Max Security 9.17 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Max Security 9.17 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Max Security 9.17 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 12:41 . 2012-06-30 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 09:05 . 2012-06-30 09:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4B9BA93-C968-49EF-AF15-791B593C1B1A}\offreg.dll
2012-06-30 00:30 . 2012-06-30 00:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-30 00:30 . 2012-06-30 00:30 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 12:18 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4B9BA93-C968-49EF-AF15-791B593C1B1A}\mpengine.dll
2012-06-27 18:13 . 2012-06-27 18:13 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-27 18:13 . 2012-06-27 18:13 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-27 18:13 . 2012-06-27 18:13 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-27 16:07 . 2012-06-27 16:07 -------- d-----w- C:\_OTL
2012-06-25 16:59 . 2012-06-27 18:13 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-25 16:59 . 2012-06-27 18:13 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-25 16:59 . 2012-06-27 18:13 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-21 11:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 11:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 11:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 11:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 11:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 11:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 11:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 10:54 . 2010-05-27 16:32 774144 ----a-w- c:\windows\SysWow64\htmlayout.dll
2012-06-17 07:00 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-17 07:00 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-17 07:00 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-17 07:00 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-17 07:00 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-17 07:00 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-17 01:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 01:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 01:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-17 01:52 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-17 01:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-17 01:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-17 01:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-17 01:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-17 01:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 01:50 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-17 01:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-17 01:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-17 01:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-17 01:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-17 01:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-17 01:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-17 01:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-17 01:09 . 2012-06-17 01:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Wireshark
2012-06-13 11:44 . 2012-06-13 11:44 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2012-06-11 23:49 . 2012-06-11 23:49 -------- d-----w- c:\programdata\Axara
2012-06-11 23:47 . 2012-06-11 23:55 -------- d-----w- c:\program files (x86)\Common Files\Axara
2012-06-11 17:49 . 2012-06-17 01:33 -------- d-----w- c:\windows\SysWow64\kodak
2012-06-11 17:05 . 2012-06-17 01:34 -------- d-----w- c:\program files (x86)\Kodak
2012-06-11 13:22 . 2012-06-11 16:36 -------- d-----w- c:\program files\Web Assistant
2012-06-11 13:18 . 2012-06-11 13:43 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-06-09 14:19 . 2012-06-17 01:34 -------- d-----w- c:\users\Owner\AppData\Local\Eastman_Kodak_Company
2012-06-09 14:17 . 2012-06-09 14:17 -------- d-----w- c:\users\Owner\AppData\Local\Eastman Kodak Company
2012-06-09 14:09 . 2012-06-17 01:34 -------- d-----w- c:\programdata\Kodak
2012-06-05 14:53 . 2012-06-05 14:53 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_
2012-06-05 12:39 . 2012-06-05 12:39 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang__1969_
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 11:49 . 2012-05-09 11:49 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-04-04 22:47 . 2012-05-10 13:42 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47 . 2011-03-30 02:48 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2012-03-30 21:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-28_15.46.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-30 00:33 57054 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-30 00:33 52316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-31 16:26 . 2012-06-30 00:33 13440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2493216118-4062180646-4280587544-1000_UserData.bin
+ 2012-06-30 00:31 . 2012-06-30 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-30 00:31 . 2012-06-30 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-30 00:30 . 2012-06-30 00:30 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-06-30 00:30 . 2012-06-30 00:30 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-07-30 21:23 . 2012-06-29 01:33 238008 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-27 16:05 649202 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-30 11:40 649202 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-30 11:40 116760 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-27 16:05 116760 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-30 00:30 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-28 12:35 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-30 00:30 . 2012-06-30 00:30 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
- 2011-08-11 20:08 . 2012-06-28 02:04 1858628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-4096.dat
+ 2011-08-11 20:08 . 2012-06-30 00:30 1858628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-4096.dat
- 2011-07-31 21:34 . 2012-06-28 12:35 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat
+ 2011-07-31 21:34 . 2012-06-30 00:30 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"F-Secure Manager"="c:\program files (x86)\Frontier\Security\Common\FSM32.EXE" [2011-09-26 201392]
"F-Secure TNB"="c:\program files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" [2011-09-26 1655472]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 93701173;93701173;c:\windows\system32\DRIVERS\93701173.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-03-30 61088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-29 82816]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-05-09 55960]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2011-09-26 60048]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-09-26 46672]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-09-26 94320]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2011-09-26 15024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\program files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-30 08:44:42
ComboFix-quarantined-files.txt 2012-06-30 12:44
ComboFix2.txt 2012-06-29 18:43
ComboFix3.txt 2012-06-28 15:51
.
Pre-Run: 128,067,244,032 bytes free
Post-Run: 128,023,023,616 bytes free
.
- - End Of File - - B08370346159E6C2482563EB413E6C90
  5. Sorry, posted the same pic twice; this is the Spybot scan from the 25th.
  6. That file does not appear to exist; I did check, and show hidden files is on. My wife's laptop started to act up, Firefox running slow. I googled and I now see a lot of Firefox users complaining: Firefox, Adobe Flash Player and some Firefox add-ons not agreeing with each other, causing slow internet speeds. This could be my problem, even though Spybot found Incredibar and deleted it. I had to take my wife's Firefox back to version 3.6.XX to get the speeds back up. That version is no longer supported and does occasionally crash, so I downloaded Google Chrome for her laptop. I have not changed anything on this laptop and will not do so until you tell me it is safe to do so. Spybot scan done on the 25th.
  7. Should have mentioned: ran speedtest using IE, 3047 k. Thank you for all your help so far.
  8. Ran all scans; tried speed test after: 426 k. Also, Firefox went into unresponsive mode for 15 seconds, then loaded.
ComboFix 12-06-28.03 - Owner 06/29/2012 14:30:38.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6106 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Max Security 9.17 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Max Security 9.17 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Max Security 9.17 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 18:39 . 2012-06-29 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 12:18 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4B9BA93-C968-49EF-AF15-791B593C1B1A}\mpengine.dll
2012-06-27 18:13 . 2012-06-27 18:13 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-27 18:13 . 2012-06-27 18:13 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-27 18:13 . 2012-06-27 18:13 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-27 16:07 . 2012-06-27 16:07 -------- d-----w- C:\_OTL
2012-06-25 16:59 . 2012-06-27 18:13 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-25 16:59 . 2012-06-27 18:13 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-25 16:59 . 2012-06-27 18:13 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-21 11:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 11:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 11:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 11:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 11:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 11:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 11:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 10:54 . 2010-05-27 16:32 774144 ----a-w- c:\windows\SysWow64\htmlayout.dll
2012-06-17 07:00 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-17 07:00 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-17 07:00 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-17 07:00 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-17 07:00 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-17 07:00 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-17 01:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 01:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 01:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-17 01:52 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-17 01:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-17 01:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-17 01:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-17 01:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-17 01:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 01:50 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-17 01:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-17 01:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-17 01:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-17 01:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-17 01:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-17 01:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-17 01:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-17 01:09 . 2012-06-17 01:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Wireshark
2012-06-13 11:44 . 2012-06-13 11:44 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2012-06-11 23:49 . 2012-06-11 23:49 -------- d-----w- c:\programdata\Axara
2012-06-11 23:47 . 2012-06-11 23:55 -------- d-----w- c:\program files (x86)\Common Files\Axara
2012-06-11 17:49 . 2012-06-17 01:33 -------- d-----w- c:\windows\SysWow64\kodak
2012-06-11 17:05 . 2012-06-17 01:34 -------- d-----w- c:\program files (x86)\Kodak
2012-06-11 13:22 . 2012-06-11 16:36 -------- d-----w- c:\program files\Web Assistant
2012-06-11 13:18 . 2012-06-11 13:43 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-06-09 14:19 . 2012-06-17 01:34 -------- d-----w- c:\users\Owner\AppData\Local\Eastman_Kodak_Company
2012-06-09 14:17 . 2012-06-09 14:17 -------- d-----w- c:\users\Owner\AppData\Local\Eastman Kodak Company
2012-06-09 14:09 . 2012-06-17 01:34 -------- d-----w- c:\programdata\Kodak
2012-06-05 14:53 . 2012-06-05 14:53 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_
2012-06-05 12:39 . 2012-06-05 12:39 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang__1969_
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 20:36 . 2012-04-01 17:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-26 20:36 . 2011-11-10 15:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 11:49 . 2012-05-09 11:49 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-04-04 22:47 . 2012-05-10 13:42 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47 . 2011-03-30 02:48 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2012-03-30 21:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-28_15.46.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-29 16:44 56990 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-29 16:44 52120 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-31 16:26 . 2012-06-29 16:44 13432 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2493216118-4062180646-4280587544-1000_UserData.bin
- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-29 16:42 . 2012-06-29 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-29 16:42 . 2012-06-29 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-30 21:23 . 2012-06-29 01:33 238008 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-29 16:47 649202 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-27 16:05 649202 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-29 16:47 116760 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-27 16:05 116760 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-28 12:35 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-29 16:00 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-31 21:34 . 2012-06-29 16:00 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat
- 2011-07-31 21:34 . 2012-06-28 12:35 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"F-Secure Manager"="c:\program files (x86)\Frontier\Security\Common\FSM32.EXE" [2011-09-26 201392]
"F-Secure TNB"="c:\program files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" [2011-09-26 1655472]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 93701173;93701173;c:\windows\system32\DRIVERS\93701173.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 257224]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-03-30 61088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-29 82816]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-05-09 55960]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2011-09-26 60048]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-09-26 46672]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-09-26 94320]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2011-09-26 15024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:55253
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\program files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-29 14:43:33 ComboFix-quarantined-files.txt 2012-06-29 18:43 ComboFix2.txt 2012-06-28 15:51 . Pre-Run: 129,553,760,256 bytes free Post-Run: 129,271,230,464 bytes free . 
- - End Of File - - 81C672818B5055C41C0E521B65CB8655 MiniToolBox by Farbar Version: 25-06-2012 Ran by Owner (administrator) on 29-06-2012 at 15:04:41 Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. ProxyServer: http=127.0.0.1:55253 "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected) Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Owner-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : domain.invalid Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : domain.invalid Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) Physical Address. . . . . . . . . : 00-26-6C-C8-B0-68 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . 
: Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : domain.invalid Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC Physical Address. . . . . . . . . : E0-CA-94-0A-CA-F7 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::111e:b69d:3174:c946%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.254.2(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Friday, June 29, 2012 12:42:36 PM Lease Expires . . . . . . . . . . : Monday, August 05, 2148 9:33:16 PM Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 192.168.254.254 DHCPv6 IAID . . . . . . . . . . . : 249612948 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-A1-87-EB-E0-CA-94-0A-CA-F7 DNS Servers . . . . . . . . . . . : 192.168.254.254 192.168.254.254 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.domain.invalid: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : domain.invalid Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Server: UnKnown Address: 192.168.254.254 Name: google.com Addresses: 2607:f8b0:4004:801::1002 74.125.228.39 74.125.228.40 74.125.228.41 74.125.228.46 74.125.228.32 74.125.228.33 74.125.228.34 74.125.228.35 74.125.228.36 74.125.228.37 74.125.228.38 Ping request could not find host google.com. Please check the name and try again. 
Server: UnKnown Address: 192.168.254.254 Name: yahoo.com Addresses: 72.30.38.140 98.139.183.24 209.191.122.70 Ping request could not find host yahoo.com. Please check the name and try again. Server: UnKnown Address: 192.168.254.254 Name: bleepingcomputer.com Address: 208.43.87.2 Ping request could not find host bleepingcomputer.com. Please check the name and try again. Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time=6ms TTL=128 Reply from 127.0.0.1: bytes=32 time=6ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 6ms, Maximum = 6ms, Average = 6ms =========================================================================== Interface List 12...00 26 6c c8 b0 68 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) 11...e0 ca 94 0a ca f7 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC 1...........................Software Loopback Interface 1 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.254.0 255.255.255.0 On-link 192.168.254.2 281 192.168.254.2 255.255.255.255 On-link 192.168.254.2 281 192.168.254.255 255.255.255.255 On-link 192.168.254.2 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.254.2 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.254.2 286 =========================================================================== Persistent Routes: None IPv6 Route Table 
=========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 11 286 fe80::/64 On-link 11 286 fe80::111e:b69d:3174:c946/128 On-link 1 306 ff00::/8 On-link 11 286 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) 
Catalog9 01 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation) Catalog9 02 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation) Catalog9 03 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation) Catalog9 04 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation) Catalog9 05 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation) Catalog9 06 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 17 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft 
Corporation) x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) x64-Catalog9 01 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation) x64-Catalog9 02 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation) x64-Catalog9 03 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation) x64-Catalog9 04 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation) x64-Catalog9 05 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation) x64-Catalog9 06 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 16 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 17 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (06/29/2012 
00:44:13 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2012 11:20:30 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2012 08:14:09 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2012 04:30:26 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2012 11:15:11 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2012 08:27:45 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2012 08:16:36 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2012 09:30:26 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2012 04:22:14 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2012 03:06:17 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/29/2012 02:39:44 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (06/29/2012 02:35:28 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (06/29/2012 00:43:45 PM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (06/29/2012 00:42:45 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: 93701173 Error: (06/29/2012 11:19:56 AM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (06/29/2012 11:19:13 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: 93701173 Error: (06/29/2012 08:14:02 AM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (06/29/2012 08:13:08 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start 
or system-start driver(s) failed to load: 93701173 Error: (06/28/2012 04:29:47 PM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (06/28/2012 04:29:05 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: 93701173 Microsoft Office Sessions: ========================= Error: (06/29/2012 00:44:13 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2012 11:20:30 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2012 08:14:09 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2012 04:30:26 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2012 11:15:11 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2012 08:27:45 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2012 08:16:36 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2012 09:30:26 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2012 04:22:14 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2012 03:06:17 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 =========================== Installed Programs ============================ 64 Bit HP CIO Components Installer (Version: 6.2.2) Adobe Flash Player 11 ActiveX (Version: 11.3.300.257) Adobe Flash Player 11 Plugin (Version: 11.3.300.262) Adobe Reader X (10.1.3) MUI (Version: 10.1.3) Angry Birds Rio (Version: 1.4.2) Angry Birds Seasons (Version: 2.2.0) Angry Birds Space (Version: 1.0.0) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36) ATI Catalyst Install Manager (Version: 3.0.808.0) AVS Audio Converter 7 AVS Audio Editor 7.1 AVS Audio Recorder version 4.0 AVS Cover Editor 2.0.1.3 AVS Disc Creator 5 AVS Document Converter 2.1.2 AVS DVD Authoring AVS DVD Copy version 4.1.2 AVS Image Converter 2.1.2.169 AVS Media Player 4.1.8.93 AVS Photo Editor AVS Registry Cleaner version 2.2 AVS Ringtone Maker version 1.6 AVS Screen Capture version 2.0.1 AVS Update Manager 1.0 AVS Video Converter 8 AVS Video Editor 6 AVS Video Recorder 2.4 AVS Video ReMaker 4.0.8.140 AVS4YOU Software Navigator 1.4 Best Buy pc app (Version: 3.0.0.0) calibre (Version: 0.8.15) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Graphics 
Previews Common (Version: 2011.0216.726.13233) Catalyst Control Center InstallProxy (Version: 2011.0216.726.13233) Catalyst Control Center Localization All (Version: 2011.0216.726.13233) ccc-core-static (Version: 2011.0216.726.13233) ccc-utility64 (Version: 2011.0216.726.13233) CCC Help Chinese Standard (Version: 2011.0216.0725.13233) CCC Help Chinese Traditional (Version: 2011.0216.0725.13233) CCC Help Czech (Version: 2011.0216.0725.13233) CCC Help Danish (Version: 2011.0216.0725.13233) CCC Help Dutch (Version: 2011.0216.0725.13233) CCC Help English (Version: 2011.0216.0725.13233) CCC Help Finnish (Version: 2011.0216.0725.13233) CCC Help French (Version: 2011.0216.0725.13233) CCC Help German (Version: 2011.0216.0725.13233) CCC Help Greek (Version: 2011.0216.0725.13233) CCC Help Hungarian (Version: 2011.0216.0725.13233) CCC Help Italian (Version: 2011.0216.0725.13233) CCC Help Japanese (Version: 2011.0216.0725.13233) CCC Help Korean (Version: 2011.0216.0725.13233) CCC Help Norwegian (Version: 2011.0216.0725.13233) CCC Help Polish (Version: 2011.0216.0725.13233) CCC Help Portuguese (Version: 2011.0216.0725.13233) CCC Help Russian (Version: 2011.0216.0725.13233) CCC Help Spanish (Version: 2011.0216.0725.13233) CCC Help Swedish (Version: 2011.0216.0725.13233) CCC Help Thai (Version: 2011.0216.0725.13233) CCC Help Turkish (Version: 2011.0216.0725.13233) CCleaner (Version: 3.17) Conexant HD Audio (Version: 8.54.1.0) Coupon Printer for Windows (Version: 5.0.0.1) D3DX10 (Version: 15.4.2368.0902) DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000) DVDFab 8.1.7.8 (17/04/2012) Qt ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0) HP Deskjet F4500 All-in-One Driver 14.0 Rel. 
6 (Version: 14.0) Java Auto Updater (Version: 2.1.6.0) Java 6 Update 29 (Version: 6.0.290) Java 7 Update 4 (Version: 7.0.40) JavaFX 2.1.0 (Version: 2.1.0) Junk Mail filter update (Version: 15.4.3502.0922) Label@Once 1.0 (Version: 1.0) Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400) Max Security Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 (Version: 14.0.4763.1000) Microsoft Silverlight (Version: 5.1.10411.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319) Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0) Mozilla Maintenance Service (Version: 13.0.1) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Network64 (Version: 140.0.215.000) Notepad2 (Notepad Replacement) (Version: 4.2.25 ) 
PlayReady PC Runtime amd64 (Version: 1.3.0) PlayReady PC Runtime x86 (Version: 1.3.0) RapidShare Manager (Version: 0.1) Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124) Realtek WLAN Driver (Version: 2.00.0016) Scan (Version: 140.0.80.000) Toolbox (Version: 140.0.428.000) TOSHIBA Application Installer (Version: 9.0.1.1) TOSHIBA Assist (Version: 4.02.02) Toshiba Book Place (Version: 2.2.6775) TOSHIBA Bulletin Board (Version: 1.6.08.64) TOSHIBA Disc Creator (Version: 2.1.0.4 for x64) TOSHIBA Face Recognition (Version: 3.1.3.64) TOSHIBA Hardware Setup (Version: 2.00.14) TOSHIBA HDD/SSD Alert (Version: 3.1.64.6) TOSHIBA Media Controller (Version: 1.0.80.8.64) TOSHIBA Quality Application (Version: 1.0.3) TOSHIBA Recovery Media Creator (Version: 2.1.3.5109) TOSHIBA ReelTime (Version: 1.7.16.64) TOSHIBA Service Station (Version: 2.1.45) TOSHIBA Supervisor Password (Version: 2.00.07) TOSHIBA Value Added Package (Version: 1.3.22.64) TOSHIBA Web Camera Application (Version: 2.0.1.1) ToshibaRegistration (Version: 1.0.4) TurboTax 2011 TurboTax 2011 WinPerFedFormset (Version: 011.000.2675) TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0436) TurboTax 2011 WinPerTaxSupport (Version: 011.000.0210) TurboTax 2011 wnyiper (Version: 011.000.1375) TurboTax 2011 wrapper (Version: 011.000.0120) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3508.1109) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote 
  9. ComboFix completed, log below.
  10. Got home this morning and tried to use Firefox; it went into not-responding mode, would not bring up Task Manager, and would not close, so I had to do a hard shutdown to exit.
  11. Ran a speed test: Firefox 512 k down, IE 3012 k down. Unloaded Max Security, and Google Chrome did not autoload. Some progress, but something is still using up bandwidth when using Firefox.
  12. OTL run fix completed, fix log below.
  13. Step 1 I could not do. Step 2 done with negative results. Step 3 posted below. I also noted that it appears only Firefox is affected so far; Internet Explorer is still operating well, with speeds up to 3000k.
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012/05/29 09:31:18 | 000,199,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2011/09/26 11:53:16 | 000,060,048 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2011/09/26 11:52:10 | 000,015,024 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys -- (fsvista) DRV - [2011/08/17 08:33:43 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/ IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes,DefaultScope = {193CE2D3-9E39-4216-9C24-A42A6DAF31E1} IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes\{193CE2D3-9E39-4216-9C24-A42A6DAF31E1}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55253 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Rapidshare FileFinder" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.1 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8 FF - 
prefs.js..extensions.enabledItems: firetorrent@radicalsoft.com:2.0.3 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com [2012/06/05 00:31:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/26 12:08:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/13 23:05:58 | 000,000,000 | ---D | M] [2011/08/11 14:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions [2012/06/26 16:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions [2012/03/30 00:17:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/02/12 09:11:41 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2012/05/19 18:12:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012/06/11 09:21:43 | 000,002,203 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\MyStart Search.xml [2011/10/06 17:49:38 | 000,001,115 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\rapidshare-filefinder.xml [2012/06/26 12:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/05 00:31:33 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES (X86)\FRONTIER\SECURITY\NRS\LITMUS-FF@F-SECURE.COM [2012/06/26 11:17:18 | 000,339,843 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI [2012/06/26 16:45:49 | 000,089,442 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI [2012/06/11 10:13:15 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/05/05 09:54:57 | 000,015,675 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\REMEMBER-PASSWORDS@STANIMIR-STAMENKOV.ADDONS.MOZILLA.ORG.XPI [2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/07/13 17:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/10/27 10:07:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/07/13 17:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) 
O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) O4 - Startup: C:\Users\Default 
User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure 
Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE08BC4-E7DC-4552-99A3-483171EBF35B}: DhcpNameServer = 192.168.254.254 
192.168.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA}: DhcpNameServer = 192.168.254.254 192.168.254.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{39b7ed5c-bacb-11e1-a2dc-00266cc8b068}\Shell - "" = AutoRun O33 - MountPoints2\{39b7ed5c-bacb-11e1-a2dc-00266cc8b068}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{e58a007c-c9cd-11e0-b4a8-00266cc8b068}\Shell - "" = AutoRun O33 - MountPoints2\{e58a007c-c9cd-11e0-b4a8-00266cc8b068}\Shell\AutoRun\command - "" = E:\HPLauncher.exe O33 - MountPoints2\{ff9997ae-c448-11e0-8b0e-00266cc8b068}\Shell - "" = AutoRun O33 - MountPoints2\{ff9997ae-c448-11e0-8b0e-00266cc8b068}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/26 21:57:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2012/06/26 13:35:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr [2012/06/26 12:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/06/17 06:54:02 | 000,774,144 | ---- | C] (Terra Informatica Software, Inc., British Columbia, Canada.) 
-- C:\windows\SysWow64\htmlayout.dll [2012/06/16 22:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/06/16 21:09:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Wireshark [2012/06/13 07:44:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia [2012/06/11 19:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Axara [2012/06/11 19:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Axara [2012/06/11 13:49:58 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\kodak [2012/06/11 13:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak [2012/06/11 09:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012/06/11 09:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload [2012/06/09 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Eastman_Kodak_Company [2012/06/09 10:17:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Eastman Kodak Company [2012/06/09 10:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak [2012/06/09 10:09:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Temp [2012/06/09 10:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak [2012/06/05 10:53:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_ [2012/06/05 08:39:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\The_Over-the-Hill_Gang__1969_ [2011/10/29 17:17:24 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/26 21:57:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2012/06/26 21:12:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/06/26 17:24:44 | 000,024,608 | -H-- | M] () -- 
C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/26 17:24:44 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/26 17:16:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/26 17:16:52 | 1825,726,463 | -HS- | M] () -- C:\hiberfil.sys [2012/06/26 13:35:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr [2012/06/26 12:08:32 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/06/26 12:08:31 | 000,002,067 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/06/25 14:22:01 | 000,185,726 | ---- | M] () -- C:\Users\Owner\Desktop\bookmarks-2012-06-25.json [2012/06/25 14:11:27 | 000,162,856 | ---- | M] () -- C:\Users\Owner\Desktop\Untitled.jpg [2012/06/25 12:58:22 | 000,007,607 | ---- | M] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg [2012/06/22 16:57:16 | 000,762,458 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/06/22 16:57:16 | 000,649,202 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/06/22 16:57:16 | 000,116,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/06/18 05:10:05 | 000,290,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/06/17 07:25:38 | 001,657,725 | ---- | M] () -- C:\Users\Owner\Documents\heatwave grilling guide rev2009.pdf [2012/06/17 06:59:14 | 000,001,216 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Disc Creator.lnk [2012/06/17 06:57:12 | 000,001,252 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Audio Converter.lnk [2012/06/17 06:56:34 | 000,001,216 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Media Player.lnk [2012/06/17 06:54:40 | 000,001,252 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Video Converter.lnk [2012/06/16 15:39:14 | 000,822,419 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache [2012/06/16 
15:38:55 | 000,105,430 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache [2012/06/16 15:29:08 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache [2012/06/15 08:17:48 | 003,245,374 | ---- | M] () -- C:\Users\Owner\Documents\Netgear_7550_BHSI_Reference_Guide.pdf [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/25 14:22:00 | 000,185,726 | ---- | C] () -- C:\Users\Owner\Desktop\bookmarks-2012-06-25.json [2012/06/25 14:11:26 | 000,162,856 | ---- | C] () -- C:\Users\Owner\Desktop\Untitled.jpg [2012/06/17 07:25:38 | 001,657,725 | ---- | C] () -- C:\Users\Owner\Documents\heatwave grilling guide rev2009.pdf [2012/06/17 06:57:12 | 000,001,252 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Audio Converter.lnk [2012/06/17 06:56:34 | 000,001,216 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Media Player.lnk [2012/06/17 06:54:40 | 000,001,252 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Video Converter.lnk [2012/06/16 15:39:14 | 000,822,419 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache [2012/06/16 15:38:55 | 000,105,430 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache [2012/06/16 15:29:08 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache [2012/06/15 08:29:42 | 003,245,374 | ---- | C] () -- C:\Users\Owner\Documents\Netgear_7550_BHSI_Reference_Guide.pdf [2012/05/06 11:54:19 | 000,000,005 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mbam.context.scan [2012/04/04 13:06:41 | 000,007,607 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg [2012/02/10 10:13:58 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012/01/27 10:47:48 | 000,023,978 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Notepad2.ini [2012/01/11 09:14:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011/12/23 00:01:50 | 000,000,000 | ---- | C] () -- 
C:\Users\Owner\AppData\Local\{A69A8F95-5AB0-457D-B177-10CF2AA32681} [2011/10/29 17:17:24 | 000,099,384 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe [2011/10/29 17:17:24 | 000,007,859 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat [2011/10/29 17:17:24 | 000,001,167 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf [2011/08/24 15:52:39 | 000,008,104 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\159A.137 [2011/08/18 18:40:00 | 000,524,288 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll [2011/08/18 18:40:00 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll [2011/08/11 16:07:38 | 000,042,672 | ---- | C] () -- C:\windows\SysWow64\drivers\fsbts.sys [2011/08/11 16:06:57 | 000,777,242 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/08/11 15:33:42 | 000,173,326 | ---- | C] () -- C:\windows\hpoins46.dat [2011/08/11 15:33:41 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat [2011/07/02 22:09:56 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2011/07/02 22:03:54 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011/07/02 22:01:20 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012/02/10 17:43:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\calibre [2012/03/23 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio [2012/06/09 10:09:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Temp [2011/10/13 11:11:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thinstall [2011/07/30 16:18:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba [2011/10/30 17:20:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP [2012/01/11 10:05:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vso [2011/07/30 12:14:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch [2012/06/16 21:09:47 | 000,000,000 | ---D | M] -- 
  14. Teatimer must be left over from when I tried Spybot to remove malware. I had uninstalled Spybot after the attempt using the Windows uninstaller. I cannot access Spybot without reinstalling. Can you give me direction on how to uninstall or delete Teatimer with or without reinstalling Spybot? I also noticed that there are other leftover files from Spybot and ESET Online Scanner. My two active virus/malware programs are Malwarebytes Pro and F-Secure (also known as Max Security); anything else you see can be uninstalled if you tell me how. Thank you for your help.
  15. I have run multiple scans with Malwarebytes Pro, F-Secure Max Security, Spybot S&D, SuperAntiSpyware, ESET Online and others. Sometimes they pick up Incredibar files and delete them. After that the computer will run fine for hours or days, then acts infected again. I have had it running correctly about 5 different times in the last 2 weeks. Computer is a Toshiba Satellite C665DM, AMD E350 1.60 GHz processor, 8 GB RAM, 64-bit Windows 7 Home Premium. My internet runs at about 3000 k normally; it has been running around 400 k with the infection. Does not make any difference whether I use wireless or wired. I have two other laptops and they are running at 3000 k+. I mainly use Firefox as my browser; it has been going into the not responding mode a lot. I have deleted and reinstalled Firefox with no changes. My Adobe Flash has also been crashing; it also has been reinstalled. Now any time I disable my main security (F-Secure Max) (had to, to run the ESET online scanner), Google Chrome automatically installs and makes itself my default browser. Requested files are below.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Enabled

6/26/2012 1:38:13 PM
mbam-log-2012-06-26 (13-38-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205801
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.4.1
Run by Owner at 13:47:10 on 2012-06-26
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.1.1033.18.7783.5537 [GMT -4:00]
.
AV: Max Security 9.17 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Max Security 9.17 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Max Security 9.17 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Frontier\Security\Anti-Virus\FSGK32.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Frontier\Security\Common\FSHDLL32.EXE
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Frontier\Security\Common\FSHDLL64.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe
C:\Program Files (x86)\Frontier\Security\FWES\Program\fsdfwd.exe
C:\Program Files (x86)\Frontier\Security\Anti-Virus\fssm32.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Frontier\Security\Spam Control\fsscoepl_x64.exe
C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsav32.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Owner\AppData\Local\Temp\SUPERSetup\SAS_LaunchChromeSetup.exe
C:\Users\Owner\AppData\Local\Temp\SUPERSetup\SupportCom_Chrome_v1.exe
C:\Program Files (x86)\Google\googleupdatesetup_1.2.183.29.exe
C:\Users\Owner\AppData\Local\Temp\GUM1E79.tmp\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:55253
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{2BE08BC4-E7DC-4552-99A3-483171EBF35B} : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA} : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA}\C696E6B6379737 : DhcpNameServer = 192.168.254.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
BHO-X64: LitmusBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\
FF - prefs.js: browser.search.selectedEngine - Rapidshare FileFinder
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\10litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\11litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\12litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\13litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\6litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\7litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\8litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\9litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2011-8-11 42672]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2012-3-30 60048]
R1 FSES;F-Secure Email Scanning Driver;C:\windows\system32\drivers\fses.sys --> C:\windows\system32\drivers\fses.sys [?]
R1 FSFW;F-Secure Firewall Driver;C:\windows\system32\drivers\fsdfw.sys --> C:\windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2012-3-30 15024]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe [2012-3-30 221872]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-14 654408]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-3-30 199848]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-3-30 61088]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-26 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-7-2 51576]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-26 16:20:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-26 16:05:47 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{18476433-70D0-4C79-ADC7-388D4F20554D}\mpengine.dll
2012-06-25 17:51:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-25 17:51:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-25 16:59:17 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-25 16:59:17 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-25 16:59:17 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-25 16:59:17 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-06-21 11:00:53 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-21 11:00:30 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-21 11:00:15 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-21 11:00:15 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-17 10:54:02 774144 ----a-w- C:\windows\SysWow64\htmlayout.dll
2012-06-17 07:00:59 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-17 07:00:59 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-17 07:00:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-06-17 07:00:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-06-17 07:00:57 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-06-17 07:00:57 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-06-17 02:01:17 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-17 01:53:55 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-17 01:53:55 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-06-17 01:53:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-06-17 01:52:55 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-06-17 01:52:42 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-06-17 01:52:40 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-06-17 01:52:38 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-06-17 01:52:34 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-06-17 01:52:26 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-06-17 01:50:44 3216384 ----a-w- C:\windows\System32\msi.dll
2012-06-17 01:50:43 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-06-17 01:50:17 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-06-17 01:50:16 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-06-17 01:50:16 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-06-17 01:50:16 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-06-17 01:50:15 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-06-17 01:50:15 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-06-17 01:09:47 -------- d-----w- C:\Users\Owner\AppData\Roaming\Wireshark
2012-06-13 11:44:30 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
2012-06-11 23:49:30 -------- d-----w- C:\ProgramData\Axara
2012-06-11 23:47:07 -------- d-----w- C:\Program Files (x86)\Common Files\Axara
2012-06-11 17:49:58 -------- d-----w- C:\windows\SysWow64\kodak
2012-06-11 17:05:21 -------- d-----w- C:\Program Files (x86)\Kodak
2012-06-11 13:22:33 -------- d-----w- C:\Program Files\Web Assistant
2012-06-11 13:18:41 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-06-09 14:19:23 -------- d-----w- C:\Users\Owner\AppData\Local\Eastman_Kodak_Company
2012-06-09 14:17:29 -------- d-----w- C:\Users\Owner\AppData\Local\Eastman Kodak Company
2012-06-09 14:09:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\Temp
2012-06-09 14:09:43 -------- d-----w- C:\ProgramData\Kodak
2012-06-05 14:53:33 -------- d-----w- C:\Users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_
2012-06-05 12:39:11 -------- d-----w- C:\Users\Owner\The_Over-the-Hill_Gang__1969_
.
==================== Find3M ====================
.
2012-06-23 21:12:55 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 21:12:55 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-09 11:49:29 55960 ----a-w- C:\windows\System32\drivers\fsbts.sys
2012-04-04 22:47:08 772504 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47:02 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 13:48:43.56 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/30/2011 12:13:23 PM
System Uptime: 6/26/2012 12:11:22 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD E-350 Processor | Socket FT1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 124.327 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP137: 6/16/2012 9:26:04 PM - Restore Operation
RP138: 6/16/2012 9:50:54 PM - Windows Update
RP139: 6/17/2012 3:00:16 AM - Windows Update
RP140: 6/18/2012 5:44:21 AM - AVS Registry Cleaner First Launch
RP141: 6/18/2012 5:47:18 AM - Backup_2012_06_18
RP142: 6/19/2012 7:29:59 AM - Backup_2012_06_19
RP143: 6/21/2012 6:59:39 AM - Windows Update
RP144: 6/22/2012 5:16:37 AM - Windows Update
RP145: 6/25/2012 9:38:58 PM - Restore Operation
RP146: 6/25/2012 9:50:22 PM - Windows Update
RP147: 6/25/2012 10:05:06 PM - Windows Update
RP148: 6/26/2012 11:54:21 AM - Restore Operation
RP149: 6/26/2012 12:04:54 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) MUI
Angry Birds Rio
Angry Birds Seasons
Angry Birds Space
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AVS Audio Converter 7
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Document Converter 2.1.2
AVS DVD Authoring
AVS DVD Copy version 4.1.2
AVS Image Converter 2.1.2.169
AVS Media Player 4.1.8.93
AVS Photo Editor
AVS Registry Cleaner version 2.2
AVS Ringtone Maker version 1.6
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.4
AVS Video ReMaker 4.0.8.140
AVS4YOU Software Navigator 1.4
calibre
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Coupon Printer for Windows
D3DX10
DJ_AIO_06_F4500_SW_MIN
DVDFab 8.1.7.8 (17/04/2012) Qt
ESET Online Scanner v3
Google Chrome
Google Update Helper
Java Auto Updater
Java™ 6 Update 29
Java™ 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Max Security
Mesh Runtime
Microsoft Office 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 9.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PlayReady PC Runtime x86
RapidShare Manager
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Toolbox
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
93701173
6/26/2012 12:12:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/26/2012 12:11:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
6/26/2012 11:26:04 AM, Error: F-Secure Gatekeeper [1] -
6/22/2012 11:56:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/20/2012 9:41:30 AM, Error: volsnap [27] - The shadow copies of volume G: were aborted during detection because a critical control file could not be opened.
6/20/2012 9:40:48 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
.
==== End Of File ===========================
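Two lines in the DDS log above carry most of the signal a helper reads first: `uInternet Settings,ProxyServer = http=127.0.0.1:55253` routes Internet Explorer's HTTP traffic through a listener on the machine itself, and the process list shows Chrome's installer (`SAS_LaunchChromeSetup.exe`, `SupportCom_Chrome_v1.exe`) running out of a `SUPERSetup` folder under `%TEMP%`. The script below is an added example for this page, not DDS or Malwarebytes code: it applies those checks, plus the orphaned-BHO, per-user Run key, Firefox search-engine and profile-loaded-component checks, to a DDS text. The sample lines are copied from the log in the post; the rule names and thresholds are mine.

```python
"""Triage the 'Running Processes', 'Pseudo HJT Report' and FIREFOX sections of a
DDS log for the entries that persist or redirect traffic.

Added example for this thread, not a DDS or Malwarebytes tool. Rule names are
the author's own; SAMPLE is copied from the DDS log posted above.
"""
import re
from ipaddress import ip_address
from typing import List, Optional, Tuple

Finding = Tuple[str, str]  # (rule, detail)

TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
PROFILE_DIR = re.compile(r"\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", re.I)

SAMPLE = r"""
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Owner\AppData\Local\Temp\SUPERSetup\SAS_LaunchChromeSetup.exe
C:\Program Files (x86)\Google\googleupdatesetup_1.2.183.29.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:55253
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
FF - prefs.js: browser.search.selectedEngine - Rapidshare FileFinder
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
"""


def proxy_finding(line: str) -> Optional[Finding]:
    """A ProxyServer pointing at loopback or a LAN address means something on
    (or next to) this machine sees every HTTP request before it leaves."""
    m = re.search(r"ProxyServer\s*=\s*(?:\w+=)?([\w.\-]+):(\d+)", line)
    if not m:
        return None
    host, port = m.group(1), int(m.group(2))
    try:
        addr = ip_address(host)
        local = addr.is_loopback or addr.is_private
    except ValueError:
        local = host.lower() == "localhost"
    if local:
        return ("local-proxy", f"all HTTP traffic is relayed through {host}:{port}")
    return ("proxy", f"proxy set to {host}:{port}")


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        f = proxy_finding(line)
        if f:
            findings.append(f)
        elif re.match(r"^(BHO|TB)(-X64)?:", line) and line.endswith("- No File"):
            # registered CLSID whose DLL is gone: leftover, not a live threat
            findings.append(("orphaned-entry", line))
        elif (m := re.match(r"^[um]Run(-x64)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", line)):
            rule = "autorun-temp" if TEMP_DIR.search(m["cmd"]) else "autorun"
            findings.append((rule, f'{m["name"]} -> {m["cmd"]}'))
        elif (m := re.match(r"^FF - prefs\.js: browser\.search\.selectedEngine - (.+)$", line)):
            findings.append(("ff-search-engine", m.group(1)))
        elif (m := re.match(r"^FF - component: (.+)$", line)) and PROFILE_DIR.search(m.group(1)):
            # native component shipped inside a profile extension, not by Firefox
            findings.append(("ff-profile-component", m.group(1)))
        elif re.match(r"^[A-Za-z]:\\", line) and TEMP_DIR.search(line):
            # running image located under %TEMP%: installers and droppers live here
            findings.append(("process-in-temp", line))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:22} {detail}")
```

`local-proxy` is the item to resolve before anything else: with `network.proxy.type - 0` Firefox is not using it, so the slow traffic and crashes the post describes are not explained by it, but anything on the box that honours the WinINET setting is being relayed through port 55253 and the listener should be identified (netstat -abno as an administrator shows which process owns it).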
  16. Got it. Excluded the quarantined file; now shows no threats. Thank you for all your help.
  17. I understand that you now think they are false positives; what should I do? Report them to CA? Can I make the scanner ignore them? I tried, but the scanner wants to know what file to ignore.
  18. Yes, full scan and quick scan in normal mode still show 6 threats.
  19. Did it, 6 threats. CA log below:
5/12/2010 8:19:33 AM 6
XP Internet Security 2010 software\classes\.exe 3 993 0
XP Internet Security 2010 3 993 3
XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe 3 993 0
XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command 3 993 0
XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command 3 993 0
XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command 3 993 0
  20. Stopzilla off. exeHelper run log below; CA quick scan in normal mode still has 6 threats.
exeHelper by Raktor
Build 20100414
Run at 14:04:08 on 05/09/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 08:07:52 on 05/10/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 11:20:21 on 05/10/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 14:01:34 on 05/11/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
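The six CA detections in post 19 and the "Resetting filetype association for .exe" lines in the exeHelper log in post 20 are the same mechanism seen from two sides. HKEY_CLASSES_ROOT is a merged view of HKLM\Software\Classes and HKCU\Software\Classes, and the per-user branch wins, so a rogue that creates `HKCU\Software\Classes\.exe` with its own `shell\open\command` is started in front of every program the user launches, with no administrator rights needed; exeHelper's reset removes that override so the machine-wide `exefile` handler (`"%1" %*`) applies again. The script below is an added example for this page, not CA's or exeHelper's code: it audits a `.reg` export for that override and emits the fragment that deletes it. The export is constructed for the example (the actual command the rogue installed was never posted; `secfile` and the `av.exe` path are placeholders); the key names are the ones in the CA log.

```python
"""Audit a .reg export for a per-user '.exe' handler hijack and build the
fragment that removes it.

Added example for this thread, not CA's or exeHelper's code. SAMPLE_REG is a
constructed export: the key names come from the CA log above, the 'secfile'
class name and the av.exe command are placeholders for whatever the rogue wrote.
"""
import re
from typing import Dict, List, Tuple

EXPECTED = '"%1" %*'  # stock value of exefile's open/runas commands
HANDLER_KEY = re.compile(
    r"\\(?:\.exe|exefile)\\shell\\(?P<verb>open|runas|start)\\command$", re.I)
USER_EXE_CLASS = re.compile(r"^HKEY_CURRENT_USER\\Software\\Classes\\\.exe$", re.I)

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\Owner\\AppData\\Local\\av.exe\" /START \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command]
@="\"C:\\Users\\Owner\\AppData\\Local\\av.exe\" /START \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''


def parse_reg(reg_text: str) -> Tuple[List[str], Dict[str, str]]:
    """Return (key paths in file order, key -> default '@' string value)."""
    keys: List[str] = []
    defaults: Dict[str, str] = {}
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            keys.append(key)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg escapes backslash and double quote with a backslash; undo it
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return keys, defaults


def audit(reg_text: str) -> List[Tuple[str, str]]:
    """Flag a per-user .exe class (normally absent) and any .exe/exefile verb
    whose command is not the stock '"%1" %*'."""
    keys, defaults = parse_reg(reg_text)
    findings: List[Tuple[str, str]] = []
    for key in keys:
        if USER_EXE_CLASS.match(key):
            findings.append(("per-user-exe-class", key))
        m = HANDLER_KEY.search(key)
        if m and defaults.get(key, EXPECTED) != EXPECTED:
            findings.append((f"hijacked-{m['verb'].lower()}", f"{key} = {defaults[key]}"))
    return findings


def repair_fragment(findings: List[Tuple[str, str]]) -> str:
    """A .reg fragment deleting the per-user override ('[-key]' removes the key
    and its subkeys), so HKLM's exefile handler is used again. Review before
    importing; do not double-click a .reg while .exe is still hijacked."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for rule, key in findings:
        if rule == "per-user-exe-class":
            lines.append(f"[-{key}]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = audit(SAMPLE_REG)
    for rule, detail in found:
        print(f"{rule:20} {detail}")
    print(repair_fragment(found))
```

On a live machine the export comes from `reg export HKCU\Software\Classes hkcu-classes.reg` (and the HKLM counterpart); importing the repair fragment needs `regedit /s` or `reg import`, which is why helpers hand out a renamed tool such as exeHelper first: with the hijack in place, double-clicking any .exe runs the rogue.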
  21. I ran a full scan in safe mode; it comes back with 0 infected files and does not create a log because it did not find anything. A quick scan in safe mode comes back with the 6 infected files. A full and a quick scan in normal mode both come back with the 6 infected files.
  22. Rebooted, and now it will let me run a scan in normal mode; will try safe mode after the normal mode scan is finished.
  23. Would not start a full scan in safe mode. After trying, I tried to restart the computer and had a system crash; Windows Startup Repair started up and now I am back in normal mode. Tried to do a full scan in normal mode and it will not start.