dragon8161
-
Posts
52 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by dragon8161
-
-
Scan completed no threats detected, no threat log created, only one log created auto log to large to post attached in rar file.
-
Eset online scanner completed, 6+ hours said nothing found, could not find scanner log, below is the only log that was inside eset online scanner file.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
Yes I let spybot remove those entries, sorry if I gave you the impression that I was asking for help with my internet speed. I was just pointing out that two of the symptoms, I thought were caused by incredibar are now being reported on mozilla forums as programing conflicts. I am happy that you are helping me and will continue to follow your directions until you declare my computer safe. combofix log is posted below
ComboFix 12-06-28.03 - Owner 06/30/2012 8:31.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6202 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Max Security 9.17 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Max Security 9.17 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Max Security 9.17 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 12:41 . 2012-06-30 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 09:05 . 2012-06-30 09:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4B9BA93-C968-49EF-AF15-791B593C1B1A}\offreg.dll
2012-06-30 00:30 . 2012-06-30 00:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-30 00:30 . 2012-06-30 00:30 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 12:18 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4B9BA93-C968-49EF-AF15-791B593C1B1A}\mpengine.dll
2012-06-27 18:13 . 2012-06-27 18:13 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-27 18:13 . 2012-06-27 18:13 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-27 18:13 . 2012-06-27 18:13 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-27 16:07 . 2012-06-27 16:07 -------- d-----w- C:\_OTL
2012-06-25 16:59 . 2012-06-27 18:13 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-25 16:59 . 2012-06-27 18:13 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-25 16:59 . 2012-06-27 18:13 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-21 11:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 11:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 11:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 11:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 11:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 11:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 11:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 10:54 . 2010-05-27 16:32 774144 ----a-w- c:\windows\SysWow64\htmlayout.dll
2012-06-17 07:00 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-17 07:00 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-17 07:00 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-17 07:00 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-17 07:00 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-17 07:00 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-17 01:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 01:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 01:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-17 01:52 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-17 01:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-17 01:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-17 01:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-17 01:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-17 01:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 01:50 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-17 01:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-17 01:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-17 01:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-17 01:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-17 01:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-17 01:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-17 01:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-17 01:09 . 2012-06-17 01:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Wireshark
2012-06-13 11:44 . 2012-06-13 11:44 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2012-06-11 23:49 . 2012-06-11 23:49 -------- d-----w- c:\programdata\Axara
2012-06-11 23:47 . 2012-06-11 23:55 -------- d-----w- c:\program files (x86)\Common Files\Axara
2012-06-11 17:49 . 2012-06-17 01:33 -------- d-----w- c:\windows\SysWow64\kodak
2012-06-11 17:05 . 2012-06-17 01:34 -------- d-----w- c:\program files (x86)\Kodak
2012-06-11 13:22 . 2012-06-11 16:36 -------- d-----w- c:\program files\Web Assistant
2012-06-11 13:18 . 2012-06-11 13:43 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-06-09 14:19 . 2012-06-17 01:34 -------- d-----w- c:\users\Owner\AppData\Local\Eastman_Kodak_Company
2012-06-09 14:17 . 2012-06-09 14:17 -------- d-----w- c:\users\Owner\AppData\Local\Eastman Kodak Company
2012-06-09 14:09 . 2012-06-17 01:34 -------- d-----w- c:\programdata\Kodak
2012-06-05 14:53 . 2012-06-05 14:53 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_
2012-06-05 12:39 . 2012-06-05 12:39 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang__1969_
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 11:49 . 2012-05-09 11:49 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-04-04 22:47 . 2012-05-10 13:42 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47 . 2011-03-30 02:48 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2012-03-30 21:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-28_15.46.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-30 00:33 57054 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-30 00:33 52316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-31 16:26 . 2012-06-30 00:33 13440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2493216118-4062180646-4280587544-1000_UserData.bin
+ 2012-06-30 00:31 . 2012-06-30 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-30 00:31 . 2012-06-30 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-30 00:30 . 2012-06-30 00:30 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-06-30 00:30 . 2012-06-30 00:30 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-07-30 21:23 . 2012-06-29 01:33 238008 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-27 16:05 649202 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-30 11:40 649202 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-30 11:40 116760 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-27 16:05 116760 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-30 00:30 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-28 12:35 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-30 00:30 . 2012-06-30 00:30 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
- 2011-08-11 20:08 . 2012-06-28 02:04 1858628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-4096.dat
+ 2011-08-11 20:08 . 2012-06-30 00:30 1858628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-4096.dat
- 2011-07-31 21:34 . 2012-06-28 12:35 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat
+ 2011-07-31 21:34 . 2012-06-30 00:30 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"F-Secure Manager"="c:\program files (x86)\Frontier\Security\Common\FSM32.EXE" [2011-09-26 201392]
"F-Secure TNB"="c:\program files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" [2011-09-26 1655472]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 93701173;93701173;c:\windows\system32\DRIVERS\93701173.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-03-30 61088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-29 82816]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-05-09 55960]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2011-09-26 60048]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-09-26 46672]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-09-26 94320]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2011-09-26 15024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\program files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-30 08:44:42
ComboFix-quarantined-files.txt 2012-06-30 12:44
ComboFix2.txt 2012-06-29 18:43
ComboFix3.txt 2012-06-28 15:51
.
Pre-Run: 128,067,244,032 bytes free
Post-Run: 128,023,023,616 bytes free
.
- - End Of File - - B08370346159E6C2482563EB413E6C90
-
Sorry posted same pic twice, this is the spybot scan from the 25th
-
That file does not appear to exsit, I did checked and show hidden files is on.
My wifes laptop started to act up, firefox running slow, I googled and I now see alot of firefox users complaining, firefox and adobe flash player and some firefox addons not agreeing with each other causing slow internet speeds. This could be my problem. Even though spybot found incredibar and deleted it. I had to take my wife firefox back to version 3.6.XX to get the speeds back up. That version is no longer susported and does occasionly crash. So I download Google Chrome for her laptop. I have not changed anything on this laptop and will not do so until you tell me it is safe to do so.
spybot scan done on the 25th
-
Should have mentioned ran speedtest using EI 3047 k thank you for all your help so far.
-
Ran all scans, tried speed test after 426 k, also firefox went into unresponsive mode for 15 seconds then loaded.
ComboFix 12-06-28.03 - Owner 06/29/2012 14:30:38.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6106 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Max Security 9.17 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Max Security 9.17 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Max Security 9.17 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 18:39 . 2012-06-29 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 12:18 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4B9BA93-C968-49EF-AF15-791B593C1B1A}\mpengine.dll
2012-06-27 18:13 . 2012-06-27 18:13 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-27 18:13 . 2012-06-27 18:13 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-27 18:13 . 2012-06-27 18:13 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-27 16:07 . 2012-06-27 16:07 -------- d-----w- C:\_OTL
2012-06-25 16:59 . 2012-06-27 18:13 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-25 16:59 . 2012-06-27 18:13 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-25 16:59 . 2012-06-27 18:13 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-21 11:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 11:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 11:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 11:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 11:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 11:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 11:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 10:54 . 2010-05-27 16:32 774144 ----a-w- c:\windows\SysWow64\htmlayout.dll
2012-06-17 07:00 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-17 07:00 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-17 07:00 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-17 07:00 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-17 07:00 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-17 07:00 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-17 01:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 01:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 01:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-17 01:52 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-17 01:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-17 01:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-17 01:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-17 01:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-17 01:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 01:50 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-17 01:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-17 01:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-17 01:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-17 01:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-17 01:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-17 01:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-17 01:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-17 01:09 . 2012-06-17 01:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Wireshark
2012-06-13 11:44 . 2012-06-13 11:44 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2012-06-11 23:49 . 2012-06-11 23:49 -------- d-----w- c:\programdata\Axara
2012-06-11 23:47 . 2012-06-11 23:55 -------- d-----w- c:\program files (x86)\Common Files\Axara
2012-06-11 17:49 . 2012-06-17 01:33 -------- d-----w- c:\windows\SysWow64\kodak
2012-06-11 17:05 . 2012-06-17 01:34 -------- d-----w- c:\program files (x86)\Kodak
2012-06-11 13:22 . 2012-06-11 16:36 -------- d-----w- c:\program files\Web Assistant
2012-06-11 13:18 . 2012-06-11 13:43 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-06-09 14:19 . 2012-06-17 01:34 -------- d-----w- c:\users\Owner\AppData\Local\Eastman_Kodak_Company
2012-06-09 14:17 . 2012-06-09 14:17 -------- d-----w- c:\users\Owner\AppData\Local\Eastman Kodak Company
2012-06-09 14:09 . 2012-06-17 01:34 -------- d-----w- c:\programdata\Kodak
2012-06-05 14:53 . 2012-06-05 14:53 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_
2012-06-05 12:39 . 2012-06-05 12:39 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang__1969_
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 20:36 . 2012-04-01 17:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-26 20:36 . 2011-11-10 15:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 11:49 . 2012-05-09 11:49 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-04-04 22:47 . 2012-05-10 13:42 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47 . 2011-03-30 02:48 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2012-03-30 21:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-28_15.46.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-29 16:44 56990 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-29 16:44 52120 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-31 16:26 . 2012-06-29 16:44 13432 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2493216118-4062180646-4280587544-1000_UserData.bin
- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-29 16:42 . 2012-06-29 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-29 16:42 . 2012-06-29 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-30 21:23 . 2012-06-29 01:33 238008 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-29 16:47 649202 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-27 16:05 649202 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-29 16:47 116760 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-27 16:05 116760 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-28 12:35 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-29 16:00 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-31 21:34 . 2012-06-29 16:00 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat
- 2011-07-31 21:34 . 2012-06-28 12:35 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"F-Secure Manager"="c:\program files (x86)\Frontier\Security\Common\FSM32.EXE" [2011-09-26 201392]
"F-Secure TNB"="c:\program files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" [2011-09-26 1655472]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 93701173;93701173;c:\windows\system32\DRIVERS\93701173.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 257224]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-03-30 61088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-29 82816]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-05-09 55960]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2011-09-26 60048]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-09-26 46672]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-09-26 94320]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2011-09-26 15024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:55253
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\program files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-29 14:43:33
ComboFix-quarantined-files.txt 2012-06-29 18:43
ComboFix2.txt 2012-06-28 15:51
.
Pre-Run: 129,553,760,256 bytes free
Post-Run: 129,271,230,464 bytes free
.
- - End Of File - - 81C672818B5055C41C0E521B65CB8655
MiniToolBox by Farbar Version: 25-06-2012
Ran by Owner (administrator) on 29-06-2012 at 15:04:41
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
ProxyServer: http=127.0.0.1:55253
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.invalid
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.invalid
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 00-26-6C-C8-B0-68
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : domain.invalid
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : E0-CA-94-0A-CA-F7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::111e:b69d:3174:c946%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.254.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 29, 2012 12:42:36 PM
Lease Expires . . . . . . . . . . : Monday, August 05, 2148 9:33:16 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.254.254
DHCPv6 IAID . . . . . . . . . . . : 249612948
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-A1-87-EB-E0-CA-94-0A-CA-F7
DNS Servers . . . . . . . . . . . : 192.168.254.254
192.168.254.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.domain.invalid:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.invalid
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.254.254
Name: google.com
Addresses: 2607:f8b0:4004:801::1002
74.125.228.39
74.125.228.40
74.125.228.41
74.125.228.46
74.125.228.32
74.125.228.33
74.125.228.34
74.125.228.35
74.125.228.36
74.125.228.37
74.125.228.38
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 192.168.254.254
Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70
Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 192.168.254.254
Name: bleepingcomputer.com
Address: 208.43.87.2
Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 6ms, Average = 6ms
===========================================================================
Interface List
12...00 26 6c c8 b0 68 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
11...e0 ca 94 0a ca f7 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.254.0 255.255.255.0 On-link 192.168.254.2 281
192.168.254.2 255.255.255.255 On-link 192.168.254.2 281
192.168.254.255 255.255.255.255 On-link 192.168.254.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.254.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.254.2 286
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 286 fe80::/64 On-link
11 286 fe80::111e:b69d:3174:c946/128
On-link
1 306 ff00::/8 On-link
11 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)
Catalog9 02 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)
Catalog9 03 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)
Catalog9 04 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)
Catalog9 05 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)
Catalog9 06 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)
x64-Catalog9 02 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)
x64-Catalog9 03 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)
x64-Catalog9 04 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)
x64-Catalog9 05 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)
x64-Catalog9 06 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 17 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (06/29/2012 00:44:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/29/2012 11:20:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/29/2012 08:14:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/28/2012 04:30:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/28/2012 11:15:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/28/2012 08:27:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/28/2012 08:16:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/27/2012 09:30:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/27/2012 04:22:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/27/2012 03:06:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (06/29/2012 02:39:44 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/29/2012 02:35:28 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/29/2012 00:43:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (06/29/2012 00:42:45 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
93701173
Error: (06/29/2012 11:19:56 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (06/29/2012 11:19:13 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
93701173
Error: (06/29/2012 08:14:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (06/29/2012 08:13:08 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
93701173
Error: (06/28/2012 04:29:47 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (06/28/2012 04:29:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
93701173
Microsoft Office Sessions:
=========================
Error: (06/29/2012 00:44:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/29/2012 11:20:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/29/2012 08:14:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/28/2012 04:30:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/28/2012 11:15:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/28/2012 08:27:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/28/2012 08:16:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/27/2012 09:30:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/27/2012 04:22:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/27/2012 03:06:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 6.2.2)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
Angry Birds Rio (Version: 1.4.2)
Angry Birds Seasons (Version: 2.2.0)
Angry Birds Space (Version: 1.0.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
ATI Catalyst Install Manager (Version: 3.0.808.0)
AVS Audio Converter 7
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Document Converter 2.1.2
AVS DVD Authoring
AVS DVD Copy version 4.1.2
AVS Image Converter 2.1.2.169
AVS Media Player 4.1.8.93
AVS Photo Editor
AVS Registry Cleaner version 2.2
AVS Ringtone Maker version 1.6
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.4
AVS Video ReMaker 4.0.8.140
AVS4YOU Software Navigator 1.4
Best Buy pc app (Version: 3.0.0.0)
calibre (Version: 0.8.15)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0216.726.13233)
Catalyst Control Center InstallProxy (Version: 2011.0216.726.13233)
Catalyst Control Center Localization All (Version: 2011.0216.726.13233)
ccc-core-static (Version: 2011.0216.726.13233)
ccc-utility64 (Version: 2011.0216.726.13233)
CCC Help Chinese Standard (Version: 2011.0216.0725.13233)
CCC Help Chinese Traditional (Version: 2011.0216.0725.13233)
CCC Help Czech (Version: 2011.0216.0725.13233)
CCC Help Danish (Version: 2011.0216.0725.13233)
CCC Help Dutch (Version: 2011.0216.0725.13233)
CCC Help English (Version: 2011.0216.0725.13233)
CCC Help Finnish (Version: 2011.0216.0725.13233)
CCC Help French (Version: 2011.0216.0725.13233)
CCC Help German (Version: 2011.0216.0725.13233)
CCC Help Greek (Version: 2011.0216.0725.13233)
CCC Help Hungarian (Version: 2011.0216.0725.13233)
CCC Help Italian (Version: 2011.0216.0725.13233)
CCC Help Japanese (Version: 2011.0216.0725.13233)
CCC Help Korean (Version: 2011.0216.0725.13233)
CCC Help Norwegian (Version: 2011.0216.0725.13233)
CCC Help Polish (Version: 2011.0216.0725.13233)
CCC Help Portuguese (Version: 2011.0216.0725.13233)
CCC Help Russian (Version: 2011.0216.0725.13233)
CCC Help Spanish (Version: 2011.0216.0725.13233)
CCC Help Swedish (Version: 2011.0216.0725.13233)
CCC Help Thai (Version: 2011.0216.0725.13233)
CCC Help Turkish (Version: 2011.0216.0725.13233)
CCleaner (Version: 3.17)
Conexant HD Audio (Version: 8.54.1.0)
Coupon Printer for Windows (Version: 5.0.0.1)
D3DX10 (Version: 15.4.2368.0902)
DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000)
DVDFab 8.1.7.8 (17/04/2012) Qt
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0)
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (Version: 14.0)
Java Auto Updater (Version: 2.1.6.0)
Java 6 Update 29 (Version: 6.0.290)
Java 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Max Security
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 140.0.215.000)
Notepad2 (Notepad Replacement) (Version: 4.2.25 )
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
RapidShare Manager (Version: 0.1)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124)
Realtek WLAN Driver (Version: 2.00.0016)
Scan (Version: 140.0.80.000)
Toolbox (Version: 140.0.428.000)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 4.02.02)
Toshiba Book Place (Version: 2.2.6775)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.4 for x64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Hardware Setup (Version: 2.00.14)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA Media Controller (Version: 1.0.80.8.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.3.5109)
TOSHIBA ReelTime (Version: 1.7.16.64)
TOSHIBA Service Station (Version: 2.1.45)
TOSHIBA Supervisor Password (Version: 2.00.07)
TOSHIBA Value Added Package (Version: 1.3.22.64)
TOSHIBA Web Camera Application (Version: 2.0.1.1)
ToshibaRegistration (Version: 1.0.4)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2675)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0436)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0210)
TurboTax 2011 wnyiper (Version: 011.000.1375)
TurboTax 2011 wrapper (Version: 011.000.0120)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver (Version: 4.01.0)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
========================= Devices: ================================
Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
========================= Memory info: ===================================
Percentage of memory in use: 23%
Total physical RAM: 7782.87 MB
Available physical RAM: 5925.57 MB
Total Pagefile: 15563.93 MB
Available Pagefile: 13703.11 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.12 MB
========================= Partitions: =====================================
1 Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:120.42 GB) NTFS
========================= Users: ========================================
User accounts for \\OWNER-PC
Administrator Guest Owner
========================= Minidump Files ==================================
No minidump file found
**** End of log ****
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-29 15:08:21
-----------------------------
15:08:21.713 OS Version: Windows x64 6.1.7601 Service Pack 1
15:08:21.713 Number of processors: 2 586 0x100
15:08:21.713 ComputerName: OWNER-PC UserName: Owner
15:08:23.460 Initialize success
15:08:31.022 AVAST engine download error: 0
15:08:33.861 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
15:08:33.877 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 11
15:08:33.893 Disk 0 MBR read successfully
15:08:33.908 Disk 0 MBR scan
15:08:33.924 Disk 0 Windows VISTA default MBR code
15:08:33.939 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:08:33.955 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292137 MB offset 3074048
15:08:33.986 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11607 MB offset 601370624
15:08:34.049 Disk 0 scanning C:\windows\system32\drivers
15:08:41.271 Service scanning
15:09:16.902 Modules scanning
15:09:16.917 Disk 0 trace - called modules:
15:09:16.964 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
15:09:17.495 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007175660]
15:09:17.510 3 CLASSPNP.SYS[fffff880019c943f] -> nt!IofCallDriver -> [0xfffffa8006c04040]
15:09:17.526 5 amd_xata.sys[fffff880010918b4] -> nt!IofCallDriver -> \Device\00000067[0xfffffa8006c006f0]
15:09:17.541 Scan finished successfully
15:09:39.194 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
15:09:39.210 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
-
combofix completed log below
ComboFix 12-06-28.01 - Owner 06/28/2012 11:37:45.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6179 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Max Security 9.17 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Max Security 9.17 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Max Security 9.17 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\159A.137
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 15:46 . 2012-06-28 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 18:13 . 2012-06-27 18:13 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-27 18:13 . 2012-06-27 18:13 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-27 18:13 . 2012-06-27 18:13 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-27 16:07 . 2012-06-27 16:07 -------- d-----w- C:\_OTL
2012-06-26 16:05 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18476433-70D0-4C79-ADC7-388D4F20554D}\mpengine.dll
2012-06-25 16:59 . 2012-06-27 18:13 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-25 16:59 . 2012-06-27 18:13 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-25 16:59 . 2012-06-27 18:13 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-21 11:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 11:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 11:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 11:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 11:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 11:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 11:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 10:54 . 2010-05-27 16:32 774144 ----a-w- c:\windows\SysWow64\htmlayout.dll
2012-06-17 07:00 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-17 07:00 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-17 07:00 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-17 07:00 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-17 07:00 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-17 07:00 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-17 01:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 01:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 01:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-17 01:52 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-17 01:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-17 01:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-17 01:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-17 01:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-17 01:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 01:50 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-17 01:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-17 01:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-17 01:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-17 01:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-17 01:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-17 01:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-17 01:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-17 01:09 . 2012-06-17 01:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Wireshark
2012-06-13 11:44 . 2012-06-13 11:44 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2012-06-11 23:49 . 2012-06-11 23:49 -------- d-----w- c:\programdata\Axara
2012-06-11 23:47 . 2012-06-11 23:55 -------- d-----w- c:\program files (x86)\Common Files\Axara
2012-06-11 17:49 . 2012-06-17 01:33 -------- d-----w- c:\windows\SysWow64\kodak
2012-06-11 17:05 . 2012-06-17 01:34 -------- d-----w- c:\program files (x86)\Kodak
2012-06-11 13:22 . 2012-06-11 16:36 -------- d-----w- c:\program files\Web Assistant
2012-06-11 13:18 . 2012-06-11 13:43 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-06-09 14:19 . 2012-06-17 01:34 -------- d-----w- c:\users\Owner\AppData\Local\Eastman_Kodak_Company
2012-06-09 14:17 . 2012-06-09 14:17 -------- d-----w- c:\users\Owner\AppData\Local\Eastman Kodak Company
2012-06-09 14:09 . 2012-06-17 01:34 -------- d-----w- c:\programdata\Kodak
2012-06-05 14:53 . 2012-06-05 14:53 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_
2012-06-05 12:39 . 2012-06-05 12:39 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang__1969_
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 20:36 . 2012-04-01 17:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-26 20:36 . 2011-11-10 15:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 11:49 . 2012-05-09 11:49 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-04-04 22:47 . 2012-05-10 13:42 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47 . 2011-03-30 02:48 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2012-03-30 21:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"F-Secure Manager"="c:\program files (x86)\Frontier\Security\Common\FSM32.EXE" [2011-09-26 201392]
"F-Secure TNB"="c:\program files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" [2011-09-26 1655472]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 93701173;93701173;c:\windows\system32\DRIVERS\93701173.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 257224]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-03-30 61088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-29 82816]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-05-09 55960]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2011-09-26 60048]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-09-26 46672]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-09-26 94320]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2011-09-26 15024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:55253
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\program files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\
FF - prefs.js: browser.search.selectedEngine - Rapidshare FileFinder
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-28 11:51:06
ComboFix-quarantined-files.txt 2012-06-28 15:51
.
Pre-Run: 130,870,235,136 bytes free
Post-Run: 130,499,653,632 bytes free
.
- - End Of File - - C873DC5FF77729B07E811B61D4DD81BE
-
Got home this morning tried to use Firefox, went into the not responding mode, would not bring up task manager, would not close, had to do a hard shut down to exit.
-
Ran speed test on Firefox 512 k down, IE 3012 k down. Unloaded Max Security and Google Chrome did not autoload.Some progress but something is still using up bandwidth when using firefox.
-
OTL run fix completed fix log below
All processes killed
========== OTL ==========
========== OTL ==========
Prefs.js: firetorrent@radicalsoft.com:2.0.3 removed from extensions.enabledItems
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\MyStart Search.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner folder moved successfully.
C:\Program Files (x86)\ESET folder moved successfully.
C:\Program Files\SUPERAntiSpyware\Plugins folder moved successfully.
C:\Program Files\SUPERAntiSpyware\Language folder moved successfully.
C:\Program Files\SUPERAntiSpyware folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Snapshots2 folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Snapshots folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Excludes folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Backups folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Owner
->Temp folder emptied: 4435646 bytes
->Temporary Internet Files folder emptied: 11361341 bytes
->Java cache emptied: 1824737 bytes
->FireFox cache emptied: 69029519 bytes
->Flash cache emptied: 598 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1780103 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 84.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.53.0 log created on 06272012_120714
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
-
step 1 I could not do
Step 2 done with negative results
Step 3 posted below
I also noted that it appears only firefox is effected so far, Internet Explore is still operation well, with speeds up to 3000k.
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.27.01
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
Protection: Enabled
6/26/2012 9:53:08 PM
mbam-log-2012-06-26 (21-53-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205931
Time elapsed: 3 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
OTL logfile created on: 6/26/2012 9:59:37 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.60 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 79.57% Memory free
15.20 Gb Paging File | 13.53 Gb Available in Paging File | 89.03% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.29 Gb Total Space | 124.21 Gb Free Space | 43.54% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/26 21:57:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/05/29 09:30:29 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fssm32.exe
PRC - [2012/05/29 09:30:28 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/30 17:07:55 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe
PRC - [2012/03/30 17:06:48 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsav32.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/26 11:53:24 | 000,201,392 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE
PRC - [2011/09/26 11:53:24 | 000,189,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE
PRC - [2011/09/26 11:53:24 | 000,090,800 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSHDLL32.EXE
PRC - [2011/09/26 11:52:10 | 000,221,872 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/26 11:53:50 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSPC\fspcfsm.eng
MOD - [2011/09/26 11:52:22 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\strres.eng
MOD - [2011/09/26 11:52:20 | 000,553,648 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\gres.dll
MOD - [2011/09/26 11:52:20 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\fsavures.eng
MOD - [2011/09/26 11:52:18 | 000,443,056 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\about.dll
MOD - [2011/09/26 11:52:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\flyerres.eng
MOD - [2011/09/26 11:52:18 | 000,090,800 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\aboutres.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/02/10 15:52:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 17:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/26 16:36:44 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/24 12:08:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/30 17:07:55 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/26 11:53:24 | 000,189,104 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2011/09/26 11:52:38 | 000,847,024 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/09/26 11:52:10 | 000,221,872 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/07/01 13:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/05/09 07:49:29 | 000,055,960 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/29 17:17:24 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/09/26 11:52:38 | 000,094,320 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2011/09/26 11:52:32 | 000,046,672 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 15:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/10 16:22:00 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/10 15:15:08 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 15:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/05 10:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/05 10:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 18:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/29 09:31:18 | 000,199,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011/09/26 11:53:16 | 000,060,048 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2011/09/26 11:52:10 | 000,015,024 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2011/08/17 08:33:43 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes,DefaultScope = {193CE2D3-9E39-4216-9C24-A42A6DAF31E1}
IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en
IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes\{193CE2D3-9E39-4216-9C24-A42A6DAF31E1}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55253
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Rapidshare FileFinder"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: firetorrent@radicalsoft.com:2.0.3
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com [2012/06/05 00:31:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/26 12:08:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/13 23:05:58 | 000,000,000 | ---D | M]
[2011/08/11 14:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/06/26 16:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions
[2012/03/30 00:17:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/02/12 09:11:41 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2012/05/19 18:12:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/06/11 09:21:43 | 000,002,203 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\MyStart Search.xml
[2011/10/06 17:49:38 | 000,001,115 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\rapidshare-filefinder.xml
[2012/06/26 12:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/05 00:31:33 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES (X86)\FRONTIER\SECURITY\NRS\LITMUS-FF@F-SECURE.COM
[2012/06/26 11:17:18 | 000,339,843 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/06/26 16:45:49 | 000,089,442 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
[2012/06/11 10:13:15 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/05 09:54:57 | 000,015,675 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\REMEMBER-PASSWORDS@STANIMIR-STAMENKOV.ADDONS.MOZILLA.ORG.XPI
[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/13 17:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/27 10:07:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/13 17:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE08BC4-E7DC-4552-99A3-483171EBF35B}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA}: DhcpNameServer = 192.168.254.254 192.168.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{39b7ed5c-bacb-11e1-a2dc-00266cc8b068}\Shell - "" = AutoRun
O33 - MountPoints2\{39b7ed5c-bacb-11e1-a2dc-00266cc8b068}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e58a007c-c9cd-11e0-b4a8-00266cc8b068}\Shell - "" = AutoRun
O33 - MountPoints2\{e58a007c-c9cd-11e0-b4a8-00266cc8b068}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
O33 - MountPoints2\{ff9997ae-c448-11e0-8b0e-00266cc8b068}\Shell - "" = AutoRun
O33 - MountPoints2\{ff9997ae-c448-11e0-8b0e-00266cc8b068}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/26 21:57:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/06/26 13:35:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/06/26 12:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/17 06:54:02 | 000,774,144 | ---- | C] (Terra Informatica Software, Inc., British Columbia, Canada.) -- C:\windows\SysWow64\htmlayout.dll
[2012/06/16 22:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/16 21:09:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Wireshark
[2012/06/13 07:44:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2012/06/11 19:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Axara
[2012/06/11 19:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Axara
[2012/06/11 13:49:58 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\kodak
[2012/06/11 13:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2012/06/11 09:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/06/11 09:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/06/09 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Eastman_Kodak_Company
[2012/06/09 10:17:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Eastman Kodak Company
[2012/06/09 10:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012/06/09 10:09:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Temp
[2012/06/09 10:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/06/05 10:53:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_
[2012/06/05 08:39:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\The_Over-the-Hill_Gang__1969_
[2011/10/29 17:17:24 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/26 21:57:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/06/26 21:12:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/26 17:24:44 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 17:24:44 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 17:16:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/26 17:16:52 | 1825,726,463 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 13:35:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/06/26 12:08:32 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/26 12:08:31 | 000,002,067 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/25 14:22:01 | 000,185,726 | ---- | M] () -- C:\Users\Owner\Desktop\bookmarks-2012-06-25.json
[2012/06/25 14:11:27 | 000,162,856 | ---- | M] () -- C:\Users\Owner\Desktop\Untitled.jpg
[2012/06/25 12:58:22 | 000,007,607 | ---- | M] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
[2012/06/22 16:57:16 | 000,762,458 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/22 16:57:16 | 000,649,202 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/22 16:57:16 | 000,116,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/18 05:10:05 | 000,290,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/17 07:25:38 | 001,657,725 | ---- | M] () -- C:\Users\Owner\Documents\heatwave grilling guide rev2009.pdf
[2012/06/17 06:59:14 | 000,001,216 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Disc Creator.lnk
[2012/06/17 06:57:12 | 000,001,252 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Audio Converter.lnk
[2012/06/17 06:56:34 | 000,001,216 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Media Player.lnk
[2012/06/17 06:54:40 | 000,001,252 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Video Converter.lnk
[2012/06/16 15:39:14 | 000,822,419 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache
[2012/06/16 15:38:55 | 000,105,430 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache
[2012/06/16 15:29:08 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2012/06/15 08:17:48 | 003,245,374 | ---- | M] () -- C:\Users\Owner\Documents\Netgear_7550_BHSI_Reference_Guide.pdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/25 14:22:00 | 000,185,726 | ---- | C] () -- C:\Users\Owner\Desktop\bookmarks-2012-06-25.json
[2012/06/25 14:11:26 | 000,162,856 | ---- | C] () -- C:\Users\Owner\Desktop\Untitled.jpg
[2012/06/17 07:25:38 | 001,657,725 | ---- | C] () -- C:\Users\Owner\Documents\heatwave grilling guide rev2009.pdf
[2012/06/17 06:57:12 | 000,001,252 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Audio Converter.lnk
[2012/06/17 06:56:34 | 000,001,216 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Media Player.lnk
[2012/06/17 06:54:40 | 000,001,252 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Video Converter.lnk
[2012/06/16 15:39:14 | 000,822,419 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache
[2012/06/16 15:38:55 | 000,105,430 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache
[2012/06/16 15:29:08 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2012/06/15 08:29:42 | 003,245,374 | ---- | C] () -- C:\Users\Owner\Documents\Netgear_7550_BHSI_Reference_Guide.pdf
[2012/05/06 11:54:19 | 000,000,005 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mbam.context.scan
[2012/04/04 13:06:41 | 000,007,607 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
[2012/02/10 10:13:58 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/27 10:47:48 | 000,023,978 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Notepad2.ini
[2012/01/11 09:14:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/12/23 00:01:50 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{A69A8F95-5AB0-457D-B177-10CF2AA32681}
[2011/10/29 17:17:24 | 000,099,384 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe
[2011/10/29 17:17:24 | 000,007,859 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2011/10/29 17:17:24 | 000,001,167 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2011/08/24 15:52:39 | 000,008,104 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\159A.137
[2011/08/18 18:40:00 | 000,524,288 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/08/18 18:40:00 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/08/11 16:07:38 | 000,042,672 | ---- | C] () -- C:\windows\SysWow64\drivers\fsbts.sys
[2011/08/11 16:06:57 | 000,777,242 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/08/11 15:33:42 | 000,173,326 | ---- | C] () -- C:\windows\hpoins46.dat
[2011/08/11 15:33:41 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat
[2011/07/02 22:09:56 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/07/02 22:03:54 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/07/02 22:01:20 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
========== LOP Check ==========
[2012/02/10 17:43:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\calibre
[2012/03/23 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio
[2012/06/09 10:09:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Temp
[2011/10/13 11:11:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thinstall
[2011/07/30 16:18:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2011/10/30 17:20:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2012/01/11 10:05:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vso
[2011/07/30 12:14:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2012/06/16 21:09:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wireshark
[2012/05/14 08:11:58 | 000,032,634 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 6/26/2012 9:59:37 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.60 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 79.57% Memory free
15.20 Gb Paging File | 13.53 Gb Available in Paging File | 89.03% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.29 Gb Total Space | 124.21 Gb Free Space | 43.54% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0325FBAE-4537-479F-A13F-55FC3F846C3B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{03DE67E1-672B-45A1-8373-04348F11114F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{03EE766B-E086-4D5B-8DF0-BF3B97F0BB9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08587E3D-EDB4-4DD2-B694-ED03300028D3}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{08D1FC44-7AD5-4EF9-BAC7-032AB33DE23C}" = lport=67 | protocol=17 | dir=in | name=dhcp server |
"{0DC7F033-549D-45EF-BE2B-067B8935AB77}" = rport=138 | protocol=17 | dir=out | app=system |
"{14AB2AF9-56FB-4FD4-A54A-B1F6A0546096}" = lport=138 | protocol=17 | dir=in | app=system |
"{16EA5E6A-F41F-4E7D-BD0E-9F22F2880584}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1ADD7169-E3B6-43C1-BC11-CF39D8A9A03E}" = rport=139 | protocol=6 | dir=out | app=system |
"{1D751C5E-19BD-4EE1-B074-D30B3C7140E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DE1DD9E-03C5-41DB-9312-F6946AFF1749}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{347867FA-6224-4438-8B0D-CEBD3FA74B56}" = lport=80 | protocol=6 | dir=in | app=system |
"{3640AA6F-A8B8-4042-B73A-85B8286C281F}" = rport=137 | protocol=17 | dir=out | app=system |
"{43805FE7-D3FD-45A4-88E2-0FCC8DE92654}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4645C308-2133-44A2-B6DE-9037A5AC82B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{4A8BEE2D-8097-4262-BFE7-31D8AEF167C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4EF62858-497E-4226-B51C-BCC89F1B7B30}" = lport=137 | protocol=17 | dir=in | app=system |
"{505D9248-1DC0-4F21-81A1-FF051421C364}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52DFF76B-B404-4F6D-8AD4-406F921CFC1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E2529D7-4F25-40D3-8ADC-DDE1137686DD}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{5FAA62C2-60E2-405B-8C36-DAD220C12259}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{60315EAE-99D8-4144-B45D-17DFFADE59B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{695FF8F5-C991-46C9-BE6F-E100793C2EBF}" = lport=139 | protocol=6 | dir=in | app=system |
"{8D2E385E-FA84-47F4-A045-D0BB81532997}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A2BA94E2-6EDC-46D0-88AD-6BFC2929EBF8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8B7E8E9-FF1B-43B0-B2D4-84ACE3858799}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC32921E-67F9-4561-9891-907B6986CD54}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B826C55C-FFD8-470E-B98A-01B6C8287632}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BCD5E252-7514-45DB-8B06-FD8C679CBE76}" = lport=5985 | protocol=6 | dir=in | app=system |
"{C2498A10-A860-458E-BE13-7652D6C13032}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA9E1CE5-8E7B-40D3-8B5B-92C7E17C3681}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CB724FB8-669F-4B2A-954E-053867D69FE5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CBFD4BC7-5340-47F2-B52C-6DA3D497F27A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DADD209F-3463-4B27-8AAB-68593A0D7308}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E154CEA0-0DB7-4D59-96B4-A3CDAA2BBFA1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E2DEF2DA-3DE4-4A77-8CC9-625E50B0B60B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5A11290-466E-47B5-BD7A-472CE0FC1443}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{FA034507-7CBC-48A6-A647-2D6089B9AA93}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{FD8927FF-9D35-45D2-99F7-026ABA35026E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FEAA81F6-D5C9-4C23-8359-195FD37D7BB6}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0905582C-FD1A-4FCB-B2C8-6A07C109E3D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{23A5654A-2557-4718-A769-897C150A90EE}" = protocol=6 | dir=out | app=system |
"{2C01A374-AF1F-4C96-AF18-35B289B41159}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{343164E2-8EDF-4C1C-8030-A49136BEBE99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{34BFDA78-6AE5-4698-8620-1B4CC951861C}" = protocol=6 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe |
"{376DC99A-0CD0-4BDD-BF6A-A924D313A601}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3946D72E-53ED-46B9-9E80-EE8CF1328D8A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43187CD1-3D50-4642-8AA8-5F757F3583B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58D943C4-91E3-429F-A208-F380DE73E0A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{594B1CF4-A867-4355-848B-2E2DF60A21A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{5C6DD614-CA22-4326-95F7-5AA1045A73FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{601E2FA6-D546-4E71-9798-24886177103A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{611CDB3D-2C43-4081-B5F8-780673FF090F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{736A36A3-D092-4A11-AE4B-B34E3B565A61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DF2A16B-7154-4F81-8245-11B0DFAAE3F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E6A89F3-8DD8-4A4B-85FF-9266B8D61247}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8ECE7C2F-16E7-4D77-831C-43EB91C4D7CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{908932AF-A2A5-4FC1-9691-14032B61CD6F}" = protocol=17 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe |
"{953A33F0-87E8-42F7-B818-C31840B5BBD1}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe |
"{96911F94-14E6-46F2-8DC2-DDA0A7749DF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96B73E58-94A3-4F2F-BD6E-8353733252C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99AA7554-281A-46C4-BD14-3603A3FFEC9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9EF4B067-2F5B-4796-A6FE-407EB01C307F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0660AB3-182A-4257-9A5C-6B895838163E}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe |
"{C2FD88D0-635E-4D74-B683-2E3E4C95F68B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{C7FB99B2-7FD8-4C50-8FA2-84F43ECA160A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{ED3EE8B0-1895-4C7D-B3F8-815FAA366DE9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EEEF8D48-4191-4E87-8899-E7AD3B5E86D7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F6CDC8AA-39FE-4184-B91E-530CB90DA0D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FCB8509E-0F79-402D-837D-1FEA59469693}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FD396FC9-579F-4986-B59F-8D1925A11F5C}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe |
"TCP Query User{4964AB3B-CFAD-428B-BCE0-66072B773760}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{55E327E6-A121-42D0-87CF-52E4404F97BC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{146F714C-F720-4777-8B2C-15FC351C270E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{FD0DE1B0-5716-4510-951D-93ADAED5E232}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}" = ATI Catalyst Install Manager
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{3EF6F8CE-BE77-0786-CA40-3CB5BF5EBCC8}" = ccc-utility64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{522D5958-FFF0-2849-776B-442BE2A0004C}" = WMV9/VC-1 Video Playback
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Notepad2" = Notepad2 (Notepad Replacement)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04259F13-626E-814E-A80C-4601DFF3CE95}" = CCC Help Finnish
"{04D90620-2973-6F93-6E6C-C833F39C50C1}" = CCC Help Thai
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0FC61261-B251-C870-C650-8A854F1B4CF0}" = CCC Help Chinese Standard
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D0C8FEA-F9E6-4272-8465-58903F1946D0}" = TurboTax 2011 wnyiper
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24C563C0-5569-A3BF-DF26-AAB3F25B5375}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4
"{2823D463-54F8-F7B4-818F-B7436FF70658}" = CCC Help Portuguese
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{32F32D10-5190-7565-DD14-C235FAF81408}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34F971C8-B75F-6B8D-4AFC-5DAB84241AE6}" = CCC Help French
"{3798E892-DB93-6BE5-D4AD-8D1C4569F5EF}" = CCC Help Norwegian
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre
"{52A2A26B-59BE-DE58-67EA-AE33077248A0}" = CCC Help Greek
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{589EB570-9B45-8EF9-7A0F-2A5B3A37BC49}" = CCC Help Swedish
"{59F65EE9-3DD6-6944-8222-342A9947D40B}" = Catalyst Control Center InstallProxy
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{60A1C223-4D86-AD1E-FB21-DE75010DABE3}" = CCC Help Hungarian
"{618AF7BF-10CD-0118-EE52-ED9BC440487B}" = CCC Help Russian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C313A41-2704-23C5-DA68-05BB34126233}" = CCC Help Italian
"{6C49A7D6-FD97-A573-29C7-87ED1756AC6D}" = CCC Help Chinese Traditional
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B4D913-147C-7084-961A-6728E8F2AC2E}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{9240D97C-D575-465E-A681-21C0979EE5DF}" = Angry Birds Seasons
"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}" = Angry Birds Rio
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACB77FD0-7796-82B5-51B1-3ABAD84932E7}" = Catalyst Control Center Graphics Previews Common
"{AE26F217-2100-A52C-2A00-3829358E4930}" = ccc-core-static
"{B35FB627-BB1F-E79D-9512-E7CF549B00AD}" = CCC Help Polish
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C4F1B841-0C75-368C-0A54-1BAF7C8B6A91}" = CCC Help English
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE15C07B-32E3-0586-305C-975F0FEE559A}" = CCC Help Turkish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC280F21-4FD6-9D47-6323-7CD5C8712DFB}" = CCC Help Spanish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED8AB7F6-E885-A8E9-1E97-2218D89FAE8F}" = CCC Help German
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EEE6C8F8-4FDD-A08F-2292-31B34E327C0C}" = CCC Help Japanese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4C03C2A-E14E-EB7C-AAD7-F4FB6396BEA1}" = Catalyst Control Center Localization All
"{F9E83908-4502-9B01-6B42-21E449DD2627}" = CCC Help Czech
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVS Audio Converter_is1" = AVS Audio Converter 7
"AVS Audio Editor_is1" = AVS Audio Editor 7.1
"AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0
"AVS Disc Creator_is1" = AVS Disc Creator 5
"AVS Document Converter_is1" = AVS Document Converter 2.1.2
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.2
"AVS Image Converter_is1" = AVS Image Converter 2.1.2.169
"AVS Media Player_is1" = AVS Media Player 4.1.8.93
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.8.140
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"AVSRegistryCleaner_is1" = AVS Registry Cleaner version 2.2
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"ESET Online Scanner" = ESET Online Scanner v3
"F-Secure Product 444" = Max Security
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RapidShare Manager" = RapidShare Manager
"TurboTax 2011" = TurboTax 2011
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/17/2012 4:22:19 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 6/17/2012 6:48:56 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 6/17/2012 6:48:56 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 6/17/2012 6:49:01 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 6/17/2012 8:05:35 AM | Computer Name = Owner-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 1 2012-06-17 08:05:35-04:00 OWNER-PC Owner-PC\Owner F-Secure
Anti-Virus Spyware detected: Type: riskware Family: Name: Application.Generic.402655
Object: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
Error - 6/17/2012 8:16:32 AM | Computer Name = Owner-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 2 2012-06-17 08:16:31-04:00 OWNER-PC Owner-PC\Owner F-Secure
Anti-Virus Spyware detected: Type: riskware Family: Name: Application.Generic.402655
Object: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
Error - 6/18/2012 5:10:57 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/18/2012 1:30:23 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/19/2012 12:23:08 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/19/2012 1:32:27 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ System Events ]
Error - 6/26/2012 11:28:43 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description =
Error - 6/26/2012 11:41:43 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
93701173
Error - 6/26/2012 11:42:40 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description =
Error - 6/26/2012 12:00:01 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
93701173
Error - 6/26/2012 12:00:59 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description =
Error - 6/26/2012 12:11:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
93701173
Error - 6/26/2012 12:12:49 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description =
Error - 6/26/2012 1:57:54 PM | Computer Name = Owner-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 6/26/2012 5:17:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
93701173
Error - 6/26/2012 5:18:08 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description =
< End of report >
-
Teatimer must be left over from when I tried spybot to remove malware. I had uninstalled spybot after the attempt using windows uninstaller. I can not access spybot without reinstalling. Can you give me direction on how to uninstall or delete teatimer with or without reinstalling spybot? I also noticed that there is other left over files from spybot and eset online scanner. My two active virus/malware programs are Malwarebytes Pro and F-Secure (also known as Max Security) anything else you see can be uninstalled if you tell me how. Thank you for your help.
-
I have run multiple scans, with malwarebytes pro, f secure max security, s d spybot, superanitspyware, eset online and others, Sometime they pick up incredibar files and delete them. After that computer will run fine for hours or days then acts infected again. I have had it running correctly about 5 differant times in the last 2 weeks. Computer is a toshiba satelite c665dm amd e350 1.60 ghz processer, 8 g ram, 64 bit windows 7 home premium. My internet runs at about 3000 k normally, it has been running around 400k with the infection. Does not make any difference whether I use wireless or wired. I have two other laptops and they are running at 3000 k+. I mainly use firefox as my browser, it has been going into the not responding mode alot, I have deleted and reinstalled firefox with no changes. My adobe flash has also been crashing, it also has been reinstalled. Now anytime I disable my main security (F secure Max) (had to to run e set online scanner) Google chrome automaticly installs and makes itself my default browser. requested files are below.
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.26.06
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
Protection: Enabled
6/26/2012 1:38:13 PM
mbam-log-2012-06-26 (13-38-13).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205801
Time elapsed: 3 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Owner at 13:47:10 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.5537 [GMT -4:00]
.
AV: Max Security 9.17 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Max Security 9.17 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Max Security 9.17 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Frontier\Security\Anti-Virus\FSGK32.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Frontier\Security\Common\FSHDLL32.EXE
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Frontier\Security\Common\FSHDLL64.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe
C:\Program Files (x86)\Frontier\Security\FWES\Program\fsdfwd.exe
C:\Program Files (x86)\Frontier\Security\Anti-Virus\fssm32.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Frontier\Security\Spam Control\fsscoepl_x64.exe
C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsav32.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Owner\AppData\Local\Temp\SUPERSetup\SAS_LaunchChromeSetup.exe
C:\Users\Owner\AppData\Local\Temp\SUPERSetup\SupportCom_Chrome_v1.exe
C:\Program Files (x86)\Google\googleupdatesetup_1.2.183.29.exe
C:\Users\Owner\AppData\Local\Temp\GUM1E79.tmp\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:55253
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{2BE08BC4-E7DC-4552-99A3-483171EBF35B} : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA} : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA}\C696E6B6379737 : DhcpNameServer = 192.168.254.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
BHO-X64: LitmusBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\
FF - prefs.js: browser.search.selectedEngine - Rapidshare FileFinder
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\10litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\11litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\12litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\13litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\6litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\7litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\8litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\9litmus-ff.dll
FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2011-8-11 42672]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2012-3-30 60048]
R1 FSES;F-Secure Email Scanning Driver;C:\windows\system32\drivers\fses.sys --> C:\windows\system32\drivers\fses.sys [?]
R1 FSFW;F-Secure Firewall Driver;C:\windows\system32\drivers\fsdfw.sys --> C:\windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2012-3-30 15024]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe [2012-3-30 221872]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-14 654408]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-3-30 199848]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-3-30 61088]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-26 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-7-2 51576]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-26 16:20:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-26 16:05:47 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{18476433-70D0-4C79-ADC7-388D4F20554D}\mpengine.dll
2012-06-25 17:51:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-25 17:51:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-25 16:59:17 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-25 16:59:17 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-25 16:59:17 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-25 16:59:17 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-06-21 11:00:53 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-21 11:00:30 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-21 11:00:15 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-21 11:00:15 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-17 10:54:02 774144 ----a-w- C:\windows\SysWow64\htmlayout.dll
2012-06-17 07:00:59 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-17 07:00:59 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-17 07:00:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-06-17 07:00:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-06-17 07:00:57 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-06-17 07:00:57 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-06-17 02:01:17 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-17 01:53:55 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-17 01:53:55 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-06-17 01:53:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-06-17 01:52:55 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-06-17 01:52:42 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-06-17 01:52:40 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-06-17 01:52:38 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-06-17 01:52:34 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-06-17 01:52:26 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-06-17 01:50:44 3216384 ----a-w- C:\windows\System32\msi.dll
2012-06-17 01:50:43 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-06-17 01:50:17 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-06-17 01:50:16 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-06-17 01:50:16 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-06-17 01:50:16 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-06-17 01:50:15 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-06-17 01:50:15 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-06-17 01:09:47 -------- d-----w- C:\Users\Owner\AppData\Roaming\Wireshark
2012-06-13 11:44:30 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
2012-06-11 23:49:30 -------- d-----w- C:\ProgramData\Axara
2012-06-11 23:47:07 -------- d-----w- C:\Program Files (x86)\Common Files\Axara
2012-06-11 17:49:58 -------- d-----w- C:\windows\SysWow64\kodak
2012-06-11 17:05:21 -------- d-----w- C:\Program Files (x86)\Kodak
2012-06-11 13:22:33 -------- d-----w- C:\Program Files\Web Assistant
2012-06-11 13:18:41 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-06-09 14:19:23 -------- d-----w- C:\Users\Owner\AppData\Local\Eastman_Kodak_Company
2012-06-09 14:17:29 -------- d-----w- C:\Users\Owner\AppData\Local\Eastman Kodak Company
2012-06-09 14:09:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\Temp
2012-06-09 14:09:43 -------- d-----w- C:\ProgramData\Kodak
2012-06-05 14:53:33 -------- d-----w- C:\Users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_
2012-06-05 12:39:11 -------- d-----w- C:\Users\Owner\The_Over-the-Hill_Gang__1969_
.
==================== Find3M ====================
.
2012-06-23 21:12:55 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 21:12:55 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-09 11:49:29 55960 ----a-w- C:\windows\System32\drivers\fsbts.sys
2012-04-04 22:47:08 772504 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-04-04 22:47:02 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 13:48:43.56 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/30/2011 12:13:23 PM
System Uptime: 6/26/2012 12:11:22 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD E-350 Processor | Socket FT1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 124.327 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP137: 6/16/2012 9:26:04 PM - Restore Operation
RP138: 6/16/2012 9:50:54 PM - Windows Update
RP139: 6/17/2012 3:00:16 AM - Windows Update
RP140: 6/18/2012 5:44:21 AM - AVS Registry Cleaner First Launch
RP141: 6/18/2012 5:47:18 AM - Backup_2012_06_18
RP142: 6/19/2012 7:29:59 AM - Backup_2012_06_19
RP143: 6/21/2012 6:59:39 AM - Windows Update
RP144: 6/22/2012 5:16:37 AM - Windows Update
RP145: 6/25/2012 9:38:58 PM - Restore Operation
RP146: 6/25/2012 9:50:22 PM - Windows Update
RP147: 6/25/2012 10:05:06 PM - Windows Update
RP148: 6/26/2012 11:54:21 AM - Restore Operation
RP149: 6/26/2012 12:04:54 PM - Windows Update
.
==== Installed Programs ======================
.
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) MUI
Angry Birds Rio
Angry Birds Seasons
Angry Birds Space
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AVS Audio Converter 7
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Document Converter 2.1.2
AVS DVD Authoring
AVS DVD Copy version 4.1.2
AVS Image Converter 2.1.2.169
AVS Media Player 4.1.8.93
AVS Photo Editor
AVS Registry Cleaner version 2.2
AVS Ringtone Maker version 1.6
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.4
AVS Video ReMaker 4.0.8.140
AVS4YOU Software Navigator 1.4
calibre
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Coupon Printer for Windows
D3DX10
DJ_AIO_06_F4500_SW_MIN
DVDFab 8.1.7.8 (17/04/2012) Qt
ESET Online Scanner v3
Google Chrome
Google Update Helper
Java Auto Updater
Java™ 6 Update 29
Java™ 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Max Security
Mesh Runtime
Microsoft Office 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 9.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PlayReady PC Runtime x86
RapidShare Manager
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Toolbox
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
93701173
6/26/2012 12:12:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/26/2012 12:11:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
6/26/2012 11:26:04 AM, Error: F-Secure Gatekeeper [1] -
6/22/2012 11:56:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/20/2012 9:41:30 AM, Error: volsnap [27] - The shadow copies of volume G: were aborted during detection because a critical control file could not be opened.
6/20/2012 9:40:48 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
.
==== End Of File ===========================
-
Got it Excluded quarantined file, now shows no threats, Thank you for all your help.
-
I understand that you now think they are false positives, what should I do. Report them to CA? Can I make scanner ignore them? Tried but scanner wants to know what file to ignore.
-
What should I try next?
-
Yes full scan and quick scan in normal mode still show 6 threats
-
Did it 6 threats: CA log below
5/12/2010 8:19:33 AM
6
XP Internet Security 2010
software\classes\.exe
3
993
0
XP Internet Security 2010
3
993
3
XP Internet Security 2010
HKEY_CURRENT_USER\Software\Classes\.exe
3
993
0
XP Internet Security 2010
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
3
993
0
XP Internet Security 2010
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
3
993
0
XP Internet Security 2010
HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
3
993
0
-
SREng ran, CA quick scan 6 threats still.
-
Stopzilla off exehelper run log below, ca quick scan in normal mode still has 6 threats
exeHelper by Raktor
Build 20100414
Run at 14:04:08 on 05/09/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20100414
Run at 08:07:52 on 05/10/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20100414
Run at 11:20:21 on 05/10/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20100414
Run at 14:01:34 on 05/11/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
-
I ran a full scan in safe mode it comes back with 0 infected files it does not create a log because it did not find anything. A quick scan in safe mode comes back with the 6 infected files. A full and quick scan in normal mode both come back with the 6 infected files.
-
rebooted and now will let me run scan in normal mode will try safe mode after normal mode scan is finished.
-
Would not start full scan in safe mode, after trying I tried to restart computer and had a systems crash, windows repair start up and now am back in normal mode. Tried to do full scan in normal mode and it will not start.
incredibar maybe
in Resolved Malware Removal Logs
Posted
Seems to be running fine, no auto load from google chrome, no freezing, thank you for all your help.
Sent $20 usd donation to help stop malware
Confirmation number: 7TC87978PD4828527.
dyndi_69@------