incredibar maybe

dragon8161 · June 26, 2012

I have run multiple scans, with malwarebytes pro, f secure max security, s d spybot, superanitspyware, eset online and others, Sometime they pick up incredibar files and delete them. After that computer will run fine for hours or days then acts infected again. I have had it running correctly about 5 differant times in the last 2 weeks. Computer is a toshiba satelite c665dm amd e350 1.60 ghz processer, 8 g ram, 64 bit windows 7 home premium. My internet runs at about 3000 k normally, it has been running around 400k with the infection. Does not make any difference whether I use wireless or wired. I have two other laptops and they are running at 3000 k+. I mainly use firefox as my browser, it has been going into the not responding mode alot, I have deleted and reinstalled firefox with no changes. My adobe flash has also been crashing, it also has been reinstalled. Now anytime I disable my main security (F secure Max) (had to to run e set online scanner) Google chrome automaticly installs and makes itself my default browser. requested files are below.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.26.06

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

Protection: Enabled

6/26/2012 1:38:13 PM

mbam-log-2012-06-26 (13-38-13).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 205801

Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Owner at 13:47:10 on 2012-06-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.5537 [GMT -4:00]

.

AV: Max Security 9.17 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

SP: Max Security 9.17 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Max Security 9.17 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Frontier\Security\Anti-Virus\FSGK32.EXE

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Frontier\Security\Common\FSHDLL32.EXE

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Frontier\Security\Common\FSHDLL64.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe

C:\Program Files (x86)\Frontier\Security\FWES\Program\fsdfwd.exe

C:\Program Files (x86)\Frontier\Security\Anti-Virus\fssm32.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Frontier\Security\Spam Control\fsscoepl_x64.exe

C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsav32.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Users\Owner\AppData\Local\Temp\SUPERSetup\SAS_LaunchChromeSetup.exe

C:\Users\Owner\AppData\Local\Temp\SUPERSetup\SupportCom_Chrome_v1.exe

C:\Program Files (x86)\Google\googleupdatesetup_1.2.183.29.exe

C:\Users\Owner\AppData\Local\Temp\GUM1E79.tmp\GoogleUpdate.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\msiexec.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://start.toshiba.com/g/

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:55253

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{2BE08BC4-E7DC-4552-99A3-483171EBF35B} : DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA} : DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA}\C696E6B6379737 : DhcpNameServer = 192.168.254.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll

BHO-X64: LitmusBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash

mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\

FF - prefs.js: browser.search.selectedEngine - Rapidshare FileFinder

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\10litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\11litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\12litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\13litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\6litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\7litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\8litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\9litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll

FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]

R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2011-8-11 42672]

R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2012-3-30 60048]

R1 FSES;F-Secure Email Scanning Driver;C:\windows\system32\drivers\fses.sys --> C:\windows\system32\drivers\fses.sys [?]

R1 FSFW;F-Secure Firewall Driver;C:\windows\system32\drivers\fsdfw.sys --> C:\windows\system32\drivers\fsdfw.sys [?]

R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2012-3-30 15024]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe [2012-3-30 221872]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-14 654408]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-3-30 199848]

R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-3-30 61088]

R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

RUnknown SASKUTIL;SASKUTIL; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-26 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-7-2 51576]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-26 16:20:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-06-26 16:05:47 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{18476433-70D0-4C79-ADC7-388D4F20554D}\mpengine.dll

2012-06-25 17:51:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-06-25 17:51:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-06-25 16:59:17 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-06-25 16:59:17 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-06-25 16:59:17 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-06-25 16:59:17 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2012-06-21 11:00:53 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-21 11:00:30 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-21 11:00:15 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-21 11:00:15 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-17 10:54:02 774144 ----a-w- C:\windows\SysWow64\htmlayout.dll

2012-06-17 07:00:59 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-06-17 07:00:59 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-06-17 07:00:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-06-17 07:00:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2012-06-17 07:00:57 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll

2012-06-17 07:00:57 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll

2012-06-17 02:01:17 -------- d-----w- C:\Program Files (x86)\ESET

2012-06-17 01:53:55 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-06-17 01:53:55 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-06-17 01:53:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-06-17 01:52:55 3146752 ----a-w- C:\windows\System32\win32k.sys

2012-06-17 01:52:42 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-06-17 01:52:40 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-06-17 01:52:38 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-06-17 01:52:34 209920 ----a-w- C:\windows\System32\profsvc.dll

2012-06-17 01:52:26 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-06-17 01:50:44 3216384 ----a-w- C:\windows\System32\msi.dll

2012-06-17 01:50:43 2342400 ----a-w- C:\windows\SysWow64\msi.dll

2012-06-17 01:50:17 1462272 ----a-w- C:\windows\System32\crypt32.dll

2012-06-17 01:50:16 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2012-06-17 01:50:16 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-06-17 01:50:16 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll

2012-06-17 01:50:15 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2012-06-17 01:50:15 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

2012-06-17 01:09:47 -------- d-----w- C:\Users\Owner\AppData\Roaming\Wireshark

2012-06-13 11:44:30 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia

2012-06-11 23:49:30 -------- d-----w- C:\ProgramData\Axara

2012-06-11 23:47:07 -------- d-----w- C:\Program Files (x86)\Common Files\Axara

2012-06-11 17:49:58 -------- d-----w- C:\windows\SysWow64\kodak

2012-06-11 17:05:21 -------- d-----w- C:\Program Files (x86)\Kodak

2012-06-11 13:22:33 -------- d-----w- C:\Program Files\Web Assistant

2012-06-11 13:18:41 -------- d-----w- C:\Program Files (x86)\1ClickDownload

2012-06-09 14:19:23 -------- d-----w- C:\Users\Owner\AppData\Local\Eastman_Kodak_Company

2012-06-09 14:17:29 -------- d-----w- C:\Users\Owner\AppData\Local\Eastman Kodak Company

2012-06-09 14:09:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\Temp

2012-06-09 14:09:43 -------- d-----w- C:\ProgramData\Kodak

2012-06-05 14:53:33 -------- d-----w- C:\Users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_

2012-06-05 12:39:11 -------- d-----w- C:\Users\Owner\The_Over-the-Hill_Gang__1969_

.

==================== Find3M ====================

.

2012-06-23 21:12:55 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 21:12:55 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-05-09 11:49:29 55960 ----a-w- C:\windows\System32\drivers\fsbts.sys

2012-04-04 22:47:08 772504 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-04-04 22:47:02 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys

.

============= FINISH: 13:48:43.56 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/30/2011 12:13:23 PM

System Uptime: 6/26/2012 12:11:22 PM (1 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: AMD E-350 Processor | Socket FT1 | 800/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 285 GiB total, 124.327 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet F4500 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Deskjet F4500 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP137: 6/16/2012 9:26:04 PM - Restore Operation

RP138: 6/16/2012 9:50:54 PM - Windows Update

RP139: 6/17/2012 3:00:16 AM - Windows Update

RP140: 6/18/2012 5:44:21 AM - AVS Registry Cleaner First Launch

RP141: 6/18/2012 5:47:18 AM - Backup_2012_06_18

RP142: 6/19/2012 7:29:59 AM - Backup_2012_06_19

RP143: 6/21/2012 6:59:39 AM - Windows Update

RP144: 6/22/2012 5:16:37 AM - Windows Update

RP145: 6/25/2012 9:38:58 PM - Restore Operation

RP146: 6/25/2012 9:50:22 PM - Windows Update

RP147: 6/25/2012 10:05:06 PM - Windows Update

RP148: 6/26/2012 11:54:21 AM - Restore Operation

RP149: 6/26/2012 12:04:54 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3) MUI

Angry Birds Rio

Angry Birds Seasons

Angry Birds Space

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

AVS Audio Converter 7

AVS Audio Editor 7.1

AVS Audio Recorder version 4.0

AVS Cover Editor 2.0.1.3

AVS Disc Creator 5

AVS Document Converter 2.1.2

AVS DVD Authoring

AVS DVD Copy version 4.1.2

AVS Image Converter 2.1.2.169

AVS Media Player 4.1.8.93

AVS Photo Editor

AVS Registry Cleaner version 2.2

AVS Ringtone Maker version 1.6

AVS Screen Capture version 2.0.1

AVS Update Manager 1.0

AVS Video Converter 8

AVS Video Editor 6

AVS Video Recorder 2.4

AVS Video ReMaker 4.0.8.140

AVS4YOU Software Navigator 1.4

calibre

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Coupon Printer for Windows

D3DX10

DJ_AIO_06_F4500_SW_MIN

DVDFab 8.1.7.8 (17/04/2012) Qt

ESET Online Scanner v3

Google Chrome

Google Update Helper

Java Auto Updater

Java™ 6 Update 29

Java™ 7 Update 4

JavaFX 2.1.0

Junk Mail filter update

Label@Once 1.0

Malwarebytes Anti-Malware version 1.61.0.1400

Max Security

Mesh Runtime

Microsoft Office 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 9.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PlayReady PC Runtime x86

RapidShare Manager

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Toolbox

TOSHIBA Application Installer

TOSHIBA Assist

Toshiba Book Place

TOSHIBA Bulletin Board

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wnyiper

TurboTax 2011 wrapper

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

93701173

6/26/2012 12:12:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

6/26/2012 12:11:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:

6/26/2012 11:26:04 AM, Error: F-Secure Gatekeeper [1] -

6/22/2012 11:56:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

6/20/2012 9:41:30 AM, Error: volsnap [27] - The shadow copies of volume G: were aborted during detection because a critical control file could not be opened.

6/20/2012 9:40:48 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.

.

==== End Of File ===========================

Maniac · June 26, 2012

Hello dragon8161! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

Malwarebytes' Anti-Malware log
OTL log with Extras.txt

dragon8161 · June 26, 2012

Teatimer must be left over from when I tried spybot to remove malware. I had uninstalled spybot after the attempt using windows uninstaller. I can not access spybot without reinstalling. Can you give me direction on how to uninstall or delete teatimer with or without reinstalling spybot? I also noticed that there is other left over files from spybot and eset online scanner. My two active virus/malware programs are Malwarebytes Pro and F-Secure (also known as Max Security) anything else you see can be uninstalled if you tell me how. Thank you for your help.

Maniac · June 26, 2012

Proceed with the next two steps, I will take care.

dragon8161 · June 27, 2012

step 1 I could not do

Step 2 done with negative results

Step 3 posted below

I also noted that it appears only firefox is effected so far, Internet Explore is still operation well, with speeds up to 3000k.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.27.01

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

Protection: Enabled

6/26/2012 9:53:08 PM

mbam-log-2012-06-26 (21-53-08).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 205931

Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

OTL logfile created on: 6/26/2012 9:59:37 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.60 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 79.57% Memory free

15.20 Gb Paging File | 13.53 Gb Available in Paging File | 89.03% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.29 Gb Total Space | 124.21 Gb Free Space | 43.54% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/26 21:57:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2012/05/29 09:30:29 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fssm32.exe

PRC - [2012/05/29 09:30:28 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/30 17:07:55 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe

PRC - [2012/03/30 17:06:48 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsav32.exe

PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/09/26 11:53:24 | 000,201,392 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE

PRC - [2011/09/26 11:53:24 | 000,189,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE

PRC - [2011/09/26 11:53:24 | 000,090,800 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSHDLL32.EXE

PRC - [2011/09/26 11:52:10 | 000,221,872 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe

PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/26 11:53:50 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSPC\fspcfsm.eng

MOD - [2011/09/26 11:52:22 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\strres.eng

MOD - [2011/09/26 11:52:20 | 000,553,648 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\gres.dll

MOD - [2011/09/26 11:52:20 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\fsavures.eng

MOD - [2011/09/26 11:52:18 | 000,443,056 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\about.dll

MOD - [2011/09/26 11:52:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\flyerres.eng

MOD - [2011/09/26 11:52:18 | 000,090,800 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\aboutres.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/10 15:52:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/10/20 17:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/06/26 16:36:44 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/24 12:08:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/30 17:07:55 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe -- (FSORSPClient)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/09/26 11:53:24 | 000,189,104 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE -- (FSMA)

SRV - [2011/09/26 11:52:38 | 000,847,024 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\FWES\program\fsdfwd.exe -- (FSDFWD)

SRV - [2011/09/26 11:52:10 | 000,221,872 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)

SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2010/07/01 13:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/09 07:49:29 | 000,055,960 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/29 17:17:24 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2011/09/26 11:52:38 | 000,094,320 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)

DRV:64bit: - [2011/09/26 11:52:32 | 000,046,672 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/14 15:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2011/02/10 16:22:00 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/02/10 15:15:08 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/11 15:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/11/05 10:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/11/05 10:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/09/27 18:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012/05/29 09:31:18 | 000,199,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)

DRV - [2011/09/26 11:53:16 | 000,060,048 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)

DRV - [2011/09/26 11:52:10 | 000,015,024 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys -- (fsvista)

DRV - [2011/08/17 08:33:43 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}

IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}

IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes,DefaultScope = {193CE2D3-9E39-4216-9C24-A42A6DAF31E1}

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes\{193CE2D3-9E39-4216-9C24-A42A6DAF31E1}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55253

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Rapidshare FileFinder"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.1

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8

FF - prefs.js..extensions.enabledItems: firetorrent@radicalsoft.com:2.0.3

FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com [2012/06/05 00:31:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/26 12:08:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/13 23:05:58 | 000,000,000 | ---D | M]

[2011/08/11 14:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

[2012/06/26 16:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions

[2012/03/30 00:17:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/02/12 09:11:41 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2012/05/19 18:12:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012/06/11 09:21:43 | 000,002,203 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\MyStart Search.xml

[2011/10/06 17:49:38 | 000,001,115 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\rapidshare-filefinder.xml

[2012/06/26 12:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/05 00:31:33 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES (X86)\FRONTIER\SECURITY\NRS\LITMUS-FF@F-SECURE.COM

[2012/06/26 11:17:18 | 000,339,843 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI

[2012/06/26 16:45:49 | 000,089,442 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI

[2012/06/11 10:13:15 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/05/05 09:54:57 | 000,015,675 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\REMEMBER-PASSWORDS@STANIMIR-STAMENKOV.ADDONS.MOZILLA.ORG.XPI

[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/07/13 17:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/10/27 10:07:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/07/13 17:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE08BC4-E7DC-4552-99A3-483171EBF35B}: DhcpNameServer = 192.168.254.254 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA}: DhcpNameServer = 192.168.254.254 192.168.254.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{39b7ed5c-bacb-11e1-a2dc-00266cc8b068}\Shell - "" = AutoRun

O33 - MountPoints2\{39b7ed5c-bacb-11e1-a2dc-00266cc8b068}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{e58a007c-c9cd-11e0-b4a8-00266cc8b068}\Shell - "" = AutoRun

O33 - MountPoints2\{e58a007c-c9cd-11e0-b4a8-00266cc8b068}\Shell\AutoRun\command - "" = E:\HPLauncher.exe

O33 - MountPoints2\{ff9997ae-c448-11e0-8b0e-00266cc8b068}\Shell - "" = AutoRun

O33 - MountPoints2\{ff9997ae-c448-11e0-8b0e-00266cc8b068}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 21:57:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/06/26 13:35:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr

[2012/06/26 12:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/06/17 06:54:02 | 000,774,144 | ---- | C] (Terra Informatica Software, Inc., British Columbia, Canada.) -- C:\windows\SysWow64\htmlayout.dll

[2012/06/16 22:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/06/16 21:09:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Wireshark

[2012/06/13 07:44:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia

[2012/06/11 19:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Axara

[2012/06/11 19:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Axara

[2012/06/11 13:49:58 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\kodak

[2012/06/11 13:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak

[2012/06/11 09:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant

[2012/06/11 09:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload

[2012/06/09 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Eastman_Kodak_Company

[2012/06/09 10:17:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Eastman Kodak Company

[2012/06/09 10:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak

[2012/06/09 10:09:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Temp

[2012/06/09 10:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak

[2012/06/05 10:53:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_

[2012/06/05 08:39:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\The_Over-the-Hill_Gang__1969_

[2011/10/29 17:17:24 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/26 21:57:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/06/26 21:12:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/06/26 17:24:44 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/26 17:24:44 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/26 17:16:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/06/26 17:16:52 | 1825,726,463 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/26 13:35:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr

[2012/06/26 12:08:32 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/06/26 12:08:31 | 000,002,067 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/06/25 14:22:01 | 000,185,726 | ---- | M] () -- C:\Users\Owner\Desktop\bookmarks-2012-06-25.json

[2012/06/25 14:11:27 | 000,162,856 | ---- | M] () -- C:\Users\Owner\Desktop\Untitled.jpg

[2012/06/25 12:58:22 | 000,007,607 | ---- | M] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg

[2012/06/22 16:57:16 | 000,762,458 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/06/22 16:57:16 | 000,649,202 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/06/22 16:57:16 | 000,116,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/06/18 05:10:05 | 000,290,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/06/17 07:25:38 | 001,657,725 | ---- | M] () -- C:\Users\Owner\Documents\heatwave grilling guide rev2009.pdf

[2012/06/17 06:59:14 | 000,001,216 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Disc Creator.lnk

[2012/06/17 06:57:12 | 000,001,252 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Audio Converter.lnk

[2012/06/17 06:56:34 | 000,001,216 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Media Player.lnk

[2012/06/17 06:54:40 | 000,001,252 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Video Converter.lnk

[2012/06/16 15:39:14 | 000,822,419 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache

[2012/06/16 15:38:55 | 000,105,430 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache

[2012/06/16 15:29:08 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache

[2012/06/15 08:17:48 | 003,245,374 | ---- | M] () -- C:\Users\Owner\Documents\Netgear_7550_BHSI_Reference_Guide.pdf

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/25 14:22:00 | 000,185,726 | ---- | C] () -- C:\Users\Owner\Desktop\bookmarks-2012-06-25.json

[2012/06/25 14:11:26 | 000,162,856 | ---- | C] () -- C:\Users\Owner\Desktop\Untitled.jpg

[2012/06/17 07:25:38 | 001,657,725 | ---- | C] () -- C:\Users\Owner\Documents\heatwave grilling guide rev2009.pdf

[2012/06/17 06:57:12 | 000,001,252 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Audio Converter.lnk

[2012/06/17 06:56:34 | 000,001,216 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Media Player.lnk

[2012/06/17 06:54:40 | 000,001,252 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Video Converter.lnk

[2012/06/16 15:39:14 | 000,822,419 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache

[2012/06/16 15:38:55 | 000,105,430 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache

[2012/06/16 15:29:08 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache

[2012/06/15 08:29:42 | 003,245,374 | ---- | C] () -- C:\Users\Owner\Documents\Netgear_7550_BHSI_Reference_Guide.pdf

[2012/05/06 11:54:19 | 000,000,005 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mbam.context.scan

[2012/04/04 13:06:41 | 000,007,607 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg

[2012/02/10 10:13:58 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/01/27 10:47:48 | 000,023,978 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Notepad2.ini

[2012/01/11 09:14:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2011/12/23 00:01:50 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{A69A8F95-5AB0-457D-B177-10CF2AA32681}

[2011/10/29 17:17:24 | 000,099,384 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe

[2011/10/29 17:17:24 | 000,007,859 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat

[2011/10/29 17:17:24 | 000,001,167 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf

[2011/08/24 15:52:39 | 000,008,104 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\159A.137

[2011/08/18 18:40:00 | 000,524,288 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll

[2011/08/18 18:40:00 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll

[2011/08/11 16:07:38 | 000,042,672 | ---- | C] () -- C:\windows\SysWow64\drivers\fsbts.sys

[2011/08/11 16:06:57 | 000,777,242 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/08/11 15:33:42 | 000,173,326 | ---- | C] () -- C:\windows\hpoins46.dat

[2011/08/11 15:33:41 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat

[2011/07/02 22:09:56 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe

[2011/07/02 22:03:54 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2011/07/02 22:01:20 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/02/10 17:43:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\calibre

[2012/03/23 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio

[2012/06/09 10:09:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Temp

[2011/10/13 11:11:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thinstall

[2011/07/30 16:18:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba

[2011/10/30 17:20:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP

[2012/01/11 10:05:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vso

[2011/07/30 12:14:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

[2012/06/16 21:09:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wireshark

[2012/05/14 08:11:58 | 000,032,634 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/26/2012 9:59:37 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.60 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 79.57% Memory free

15.20 Gb Paging File | 13.53 Gb Available in Paging File | 89.03% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.29 Gb Total Space | 124.21 Gb Free Space | 43.54% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)

Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)

Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0325FBAE-4537-479F-A13F-55FC3F846C3B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{03DE67E1-672B-45A1-8373-04348F11114F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{03EE766B-E086-4D5B-8DF0-BF3B97F0BB9E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{08587E3D-EDB4-4DD2-B694-ED03300028D3}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |

"{08D1FC44-7AD5-4EF9-BAC7-032AB33DE23C}" = lport=67 | protocol=17 | dir=in | name=dhcp server |

"{0DC7F033-549D-45EF-BE2B-067B8935AB77}" = rport=138 | protocol=17 | dir=out | app=system |

"{14AB2AF9-56FB-4FD4-A54A-B1F6A0546096}" = lport=138 | protocol=17 | dir=in | app=system |

"{16EA5E6A-F41F-4E7D-BD0E-9F22F2880584}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{1ADD7169-E3B6-43C1-BC11-CF39D8A9A03E}" = rport=139 | protocol=6 | dir=out | app=system |

"{1D751C5E-19BD-4EE1-B074-D30B3C7140E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2DE1DD9E-03C5-41DB-9312-F6946AFF1749}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{347867FA-6224-4438-8B0D-CEBD3FA74B56}" = lport=80 | protocol=6 | dir=in | app=system |

"{3640AA6F-A8B8-4042-B73A-85B8286C281F}" = rport=137 | protocol=17 | dir=out | app=system |

"{43805FE7-D3FD-45A4-88E2-0FCC8DE92654}" = lport=10243 | protocol=6 | dir=in | app=system |

"{4645C308-2133-44A2-B6DE-9037A5AC82B8}" = lport=445 | protocol=6 | dir=in | app=system |

"{4A8BEE2D-8097-4262-BFE7-31D8AEF167C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4EF62858-497E-4226-B51C-BCC89F1B7B30}" = lport=137 | protocol=17 | dir=in | app=system |

"{505D9248-1DC0-4F21-81A1-FF051421C364}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{52DFF76B-B404-4F6D-8AD4-406F921CFC1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5E2529D7-4F25-40D3-8ADC-DDE1137686DD}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |

"{5FAA62C2-60E2-405B-8C36-DAD220C12259}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{60315EAE-99D8-4144-B45D-17DFFADE59B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{695FF8F5-C991-46C9-BE6F-E100793C2EBF}" = lport=139 | protocol=6 | dir=in | app=system |

"{8D2E385E-FA84-47F4-A045-D0BB81532997}" = rport=10243 | protocol=6 | dir=out | app=system |

"{A2BA94E2-6EDC-46D0-88AD-6BFC2929EBF8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A8B7E8E9-FF1B-43B0-B2D4-84ACE3858799}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AC32921E-67F9-4561-9891-907B6986CD54}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{B826C55C-FFD8-470E-B98A-01B6C8287632}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{BCD5E252-7514-45DB-8B06-FD8C679CBE76}" = lport=5985 | protocol=6 | dir=in | app=system |

"{C2498A10-A860-458E-BE13-7652D6C13032}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CA9E1CE5-8E7B-40D3-8B5B-92C7E17C3681}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{CB724FB8-669F-4B2A-954E-053867D69FE5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CBFD4BC7-5340-47F2-B52C-6DA3D497F27A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DADD209F-3463-4B27-8AAB-68593A0D7308}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E154CEA0-0DB7-4D59-96B4-A3CDAA2BBFA1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{E2DEF2DA-3DE4-4A77-8CC9-625E50B0B60B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F5A11290-466E-47B5-BD7A-472CE0FC1443}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |

"{FA034507-7CBC-48A6-A647-2D6089B9AA93}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{FD8927FF-9D35-45D2-99F7-026ABA35026E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{FEAA81F6-D5C9-4C23-8359-195FD37D7BB6}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0905582C-FD1A-4FCB-B2C8-6A07C109E3D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{23A5654A-2557-4718-A769-897C150A90EE}" = protocol=6 | dir=out | app=system |

"{2C01A374-AF1F-4C96-AF18-35B289B41159}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{343164E2-8EDF-4C1C-8030-A49136BEBE99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{34BFDA78-6AE5-4698-8620-1B4CC951861C}" = protocol=6 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe |

"{376DC99A-0CD0-4BDD-BF6A-A924D313A601}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{3946D72E-53ED-46B9-9E80-EE8CF1328D8A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{43187CD1-3D50-4642-8AA8-5F757F3583B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{58D943C4-91E3-429F-A208-F380DE73E0A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{594B1CF4-A867-4355-848B-2E2DF60A21A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{5C6DD614-CA22-4326-95F7-5AA1045A73FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{601E2FA6-D546-4E71-9798-24886177103A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{611CDB3D-2C43-4081-B5F8-780673FF090F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{736A36A3-D092-4A11-AE4B-B34E3B565A61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7DF2A16B-7154-4F81-8245-11B0DFAAE3F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8E6A89F3-8DD8-4A4B-85FF-9266B8D61247}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{8ECE7C2F-16E7-4D77-831C-43EB91C4D7CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{908932AF-A2A5-4FC1-9691-14032B61CD6F}" = protocol=17 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe |

"{953A33F0-87E8-42F7-B818-C31840B5BBD1}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe |

"{96911F94-14E6-46F2-8DC2-DDA0A7749DF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{96B73E58-94A3-4F2F-BD6E-8353733252C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{99AA7554-281A-46C4-BD14-3603A3FFEC9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9EF4B067-2F5B-4796-A6FE-407EB01C307F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A0660AB3-182A-4257-9A5C-6B895838163E}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe |

"{C2FD88D0-635E-4D74-B683-2E3E4C95F68B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{C7FB99B2-7FD8-4C50-8FA2-84F43ECA160A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{ED3EE8B0-1895-4C7D-B3F8-815FAA366DE9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{EEEF8D48-4191-4E87-8899-E7AD3B5E86D7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{F6CDC8AA-39FE-4184-B91E-530CB90DA0D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{FCB8509E-0F79-402D-837D-1FEA59469693}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{FD396FC9-579F-4986-B59F-8D1925A11F5C}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe |

"TCP Query User{4964AB3B-CFAD-428B-BCE0-66072B773760}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"TCP Query User{55E327E6-A121-42D0-87CF-52E4404F97BC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{146F714C-F720-4777-8B2C-15FC351C270E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{FD0DE1B0-5716-4510-951D-93ADAED5E232}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}" = ATI Catalyst Install Manager

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{3EF6F8CE-BE77-0786-CA40-3CB5BF5EBCC8}" = ccc-utility64

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{522D5958-FFF0-2849-776B-442BE2A0004C}" = WMV9/VC-1 Video Playback

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer

"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Notepad2" = Notepad2 (Notepad Replacement)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04259F13-626E-814E-A80C-4601DFF3CE95}" = CCC Help Finnish

"{04D90620-2973-6F93-6E6C-C833F39C50C1}" = CCC Help Thai

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0

"{0FC61261-B251-C870-C650-8A854F1B4CF0}" = CCC Help Chinese Standard

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1D0C8FEA-F9E6-4272-8465-58903F1946D0}" = TurboTax 2011 wnyiper

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{24C563C0-5569-A3BF-DF26-AAB3F25B5375}" = CCC Help Danish

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{2823D463-54F8-F7B4-818F-B7436FF70658}" = CCC Help Portuguese

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{32F32D10-5190-7565-DD14-C235FAF81408}" = CCC Help Dutch

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{34F971C8-B75F-6B8D-4AFC-5DAB84241AE6}" = CCC Help French

"{3798E892-DB93-6BE5-D4AD-8D1C4569F5EF}" = CCC Help Norwegian

"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre

"{52A2A26B-59BE-DE58-67EA-AE33077248A0}" = CCC Help Greek

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{589EB570-9B45-8EF9-7A0F-2A5B3A37BC49}" = CCC Help Swedish

"{59F65EE9-3DD6-6944-8222-342A9947D40B}" = Catalyst Control Center InstallProxy

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration

"{60A1C223-4D86-AD1E-FB21-DE75010DABE3}" = CCC Help Hungarian

"{618AF7BF-10CD-0118-EE52-ED9BC440487B}" = CCC Help Russian

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6C313A41-2704-23C5-DA68-05BB34126233}" = CCC Help Italian

"{6C49A7D6-FD97-A573-29C7-87ED1756AC6D}" = CCC Help Chinese Traditional

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{70B4D913-147C-7084-961A-6728E8F2AC2E}" = CCC Help Korean

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup

"{9240D97C-D575-465E-A681-21C0979EE5DF}" = Angry Birds Seasons

"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}" = Angry Birds Rio

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI

"{ACB77FD0-7796-82B5-51B1-3ABAD84932E7}" = Catalyst Control Center Graphics Previews Common

"{AE26F217-2100-A52C-2A00-3829358E4930}" = ccc-core-static

"{B35FB627-BB1F-E79D-9512-E7CF549B00AD}" = CCC Help Polish

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C4F1B841-0C75-368C-0A54-1BAF7C8B6A91}" = CCC Help English

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE15C07B-32E3-0586-305C-975F0FEE559A}" = CCC Help Turkish

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DC280F21-4FD6-9D47-6323-7CD5C8712DFB}" = CCC Help Spanish

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED8AB7F6-E885-A8E9-1E97-2218D89FAE8F}" = CCC Help German

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{EEE6C8F8-4FDD-A08F-2292-31B34E327C0C}" = CCC Help Japanese

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F4C03C2A-E14E-EB7C-AAD7-F4FB6396BEA1}" = Catalyst Control Center Localization All

"{F9E83908-4502-9B01-6B42-21E449DD2627}" = CCC Help Czech

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AVS Audio Converter_is1" = AVS Audio Converter 7

"AVS Audio Editor_is1" = AVS Audio Editor 7.1

"AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0

"AVS Disc Creator_is1" = AVS Disc Creator 5

"AVS Document Converter_is1" = AVS Document Converter 2.1.2

"AVS DVD Authoring_is1" = AVS DVD Authoring

"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.2

"AVS Image Converter_is1" = AVS Image Converter 2.1.2.169

"AVS Media Player_is1" = AVS Media Player 4.1.8.93

"AVS Photo Editor_is1" = AVS Photo Editor

"AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6

"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS Video Editor_is1" = AVS Video Editor 6

"AVS Video Recorder_is1" = AVS Video Recorder 2.4

"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.8.140

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4

"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8

"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3

"AVSRegistryCleaner_is1" = AVS Registry Cleaner version 2.2

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt

"ESET Online Scanner" = ESET Online Scanner v3

"F-Secure Product 444" = Max Security

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"RapidShare Manager" = RapidShare Manager

"TurboTax 2011" = TurboTax 2011

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/17/2012 4:22:19 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/17/2012 6:48:56 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/17/2012 6:48:56 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/17/2012 6:49:01 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/17/2012 8:05:35 AM | Computer Name = Owner-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 1 2012-06-17 08:05:35-04:00 OWNER-PC Owner-PC\Owner F-Secure

Anti-Virus Spyware detected: Type: riskware Family: Name: Application.Generic.402655

Object: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

Error - 6/17/2012 8:16:32 AM | Computer Name = Owner-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 2 2012-06-17 08:16:31-04:00 OWNER-PC Owner-PC\Owner F-Secure

Anti-Virus Spyware detected: Type: riskware Family: Name: Application.Generic.402655

Object: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

Error - 6/18/2012 5:10:57 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/18/2012 1:30:23 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/19/2012 12:23:08 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/19/2012 1:32:27 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]

Error - 6/26/2012 11:28:43 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 6/26/2012 11:41:43 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

93701173

Error - 6/26/2012 11:42:40 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 6/26/2012 12:00:01 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

93701173

Error - 6/26/2012 12:00:59 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 6/26/2012 12:11:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

93701173

Error - 6/26/2012 12:12:49 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 6/26/2012 1:57:54 PM | Computer Name = Owner-PC | Source = F-Secure Gatekeeper | ID = 327681

Description =

Error - 6/26/2012 5:17:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

93701173

Error - 6/26/2012 5:18:08 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

< End of report >

Maniac · June 27, 2012

You still have installed ESET Online Scanner v3, so uninstall it. Next:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
:OTL
FF - prefs.js..extensions.enabledItems: firetorrent@radicalsoft.com:2.0.3
[2012/06/11 09:21:43 | 000,002,203 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\MyStart Search.xml
O4 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
[2012/06/16 22:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/26 12:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

:files
ipconfig /flushdns /c

:Commands
[emptytemp]
[clearallrestorepoints]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

dragon8161 · June 27, 2012

OTL run fix completed fix log below

All processes killed

========== OTL ==========

Prefs.js: firetorrent@radicalsoft.com:2.0.3 removed from extensions.enabledItems

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\MyStart Search.xml moved successfully.

Registry value HKEY_USERS\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.

C:\Program Files (x86)\ESET\ESET Online Scanner folder moved successfully.

C:\Program Files (x86)\ESET folder moved successfully.

C:\Program Files\SUPERAntiSpyware\Plugins folder moved successfully.

C:\Program Files\SUPERAntiSpyware\Language folder moved successfully.

C:\Program Files\SUPERAntiSpyware folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Snapshots2 folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Snapshots folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Excludes folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Backups folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy folder moved successfully.

C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Owner\Desktop\cmd.bat deleted successfully.

C:\Users\Owner\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Owner

->Temp folder emptied: 4435646 bytes

->Temporary Internet Files folder emptied: 11361341 bytes

->Java cache emptied: 1824737 bytes

->FireFox cache emptied: 69029519 bytes

->Flash cache emptied: 598 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1780103 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 84.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06272012_120714

Files\Folders moved on Reboot...

C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Maniac · June 27, 2012

Any progress?

dragon8161 · June 28, 2012

Ran speed test on Firefox 512 k down, IE 3012 k down. Unloaded Max Security and Google Chrome did not autoload.Some progress but something is still using up bandwidth when using firefox.

dragon8161 · June 28, 2012

Got home this morning tried to use Firefox, went into the not responding mode, would not bring up task manager, would not close, had to do a hard shut down to exit.

Maniac · June 28, 2012

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

dragon8161 · June 28, 2012

combofix completed log below

ComboFix 12-06-28.01 - Owner 06/28/2012 11:37:45.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6179 [GMT -4:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Max Security 9.17 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Max Security 9.17 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Max Security 9.17 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Owner\AppData\Roaming\159A.137

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))

.

2012-06-28 15:46 . 2012-06-28 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-27 18:13 . 2012-06-27 18:13 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-06-27 18:13 . 2012-06-27 18:13 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-27 18:13 . 2012-06-27 18:13 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-06-27 16:07 . 2012-06-27 16:07 -------- d-----w- C:\_OTL

2012-06-26 16:05 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18476433-70D0-4C79-ADC7-388D4F20554D}\mpengine.dll

2012-06-25 16:59 . 2012-06-27 18:13 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-06-25 16:59 . 2012-06-27 18:13 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-06-25 16:59 . 2012-06-27 18:13 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-06-21 11:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 11:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 11:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 11:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 11:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 11:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 11:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 11:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 11:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-17 10:54 . 2010-05-27 16:32 774144 ----a-w- c:\windows\SysWow64\htmlayout.dll

2012-06-17 07:00 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-17 07:00 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-17 07:00 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-17 07:00 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-06-17 07:00 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-06-17 07:00 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll

2012-06-17 01:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-17 01:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-17 01:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-17 01:52 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-17 01:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-17 01:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-17 01:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-17 01:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-17 01:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-17 01:50 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-17 01:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-17 01:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-17 01:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-17 01:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-17 01:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-17 01:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-17 01:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-17 01:09 . 2012-06-17 01:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Wireshark

2012-06-13 11:44 . 2012-06-13 11:44 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia

2012-06-11 23:49 . 2012-06-11 23:49 -------- d-----w- c:\programdata\Axara

2012-06-11 23:47 . 2012-06-11 23:55 -------- d-----w- c:\program files (x86)\Common Files\Axara

2012-06-11 17:49 . 2012-06-17 01:33 -------- d-----w- c:\windows\SysWow64\kodak

2012-06-11 17:05 . 2012-06-17 01:34 -------- d-----w- c:\program files (x86)\Kodak

2012-06-11 13:22 . 2012-06-11 16:36 -------- d-----w- c:\program files\Web Assistant

2012-06-11 13:18 . 2012-06-11 13:43 -------- d-----w- c:\program files (x86)\1ClickDownload

2012-06-09 14:19 . 2012-06-17 01:34 -------- d-----w- c:\users\Owner\AppData\Local\Eastman_Kodak_Company

2012-06-09 14:17 . 2012-06-09 14:17 -------- d-----w- c:\users\Owner\AppData\Local\Eastman Kodak Company

2012-06-09 14:09 . 2012-06-17 01:34 -------- d-----w- c:\programdata\Kodak

2012-06-05 14:53 . 2012-06-05 14:53 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_

2012-06-05 12:39 . 2012-06-05 12:39 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang__1969_

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-26 20:36 . 2012-04-01 17:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-26 20:36 . 2011-11-10 15:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-09 11:49 . 2012-05-09 11:49 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-04-04 22:47 . 2012-05-10 13:42 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-04-04 22:47 . 2011-03-30 02:48 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-04 19:56 . 2012-03-30 21:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"F-Secure Manager"="c:\program files (x86)\Frontier\Security\Common\FSM32.EXE" [2011-09-26 201392]

"F-Secure TNB"="c:\program files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" [2011-09-26 1655472]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 93701173;93701173;c:\windows\system32\DRIVERS\93701173.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 257224]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-03-30 61088]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-29 82816]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-05-09 55960]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2011-09-26 60048]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-09-26 46672]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-09-26 94320]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2011-09-26 15024]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:36]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:55253

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

LSP: c:\program files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\

FF - prefs.js: browser.search.selectedEngine - Rapidshare FileFinder

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-28 11:51:06

ComboFix-quarantined-files.txt 2012-06-28 15:51

.

Pre-Run: 130,870,235,136 bytes free

Post-Run: 130,499,653,632 bytes free

.

- - End Of File - - C873DC5FF77729B07E811B61D4DD81BE

Maniac · June 29, 2012

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FileLook::
c:\windows\system32\DRIVERS\93701173.sys

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

ComboFix log
MiniToolBox log
aswMBR log

dragon8161 · June 29, 2012

Ran all scans, tried speed test after 426 k, also firefox went into unresponsive mode for 15 seconds then loaded.

ComboFix 12-06-28.03 - Owner 06/29/2012 14:30:38.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6106 [GMT -4:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

Command switches used :: c:\users\Owner\Desktop\CFScript.txt

AV: Max Security 9.17 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Max Security 9.17 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Max Security 9.17 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))

.

2012-06-29 18:39 . 2012-06-29 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-29 12:18 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4B9BA93-C968-49EF-AF15-791B593C1B1A}\mpengine.dll