Jump to content

incredibar maybe


Recommended Posts

I have run multiple scans, with malwarebytes pro, f secure max security, s d spybot, superanitspyware, eset online and others, Sometime they pick up incredibar files and delete them. After that computer will run fine for hours or days then acts infected again. I have had it running correctly about 5 differant times in the last 2 weeks. Computer is a toshiba satelite c665dm amd e350 1.60 ghz processer, 8 g ram, 64 bit windows 7 home premium. My internet runs at about 3000 k normally, it has been running around 400k with the infection. Does not make any difference whether I use wireless or wired. I have two other laptops and they are running at 3000 k+. I mainly use firefox as my browser, it has been going into the not responding mode alot, I have deleted and reinstalled firefox with no changes. My adobe flash has also been crashing, it also has been reinstalled. Now anytime I disable my main security (F secure Max) (had to to run e set online scanner) Google chrome automaticly installs and makes itself my default browser. requested files are below.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.26.06

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

Protection: Enabled

6/26/2012 1:38:13 PM

mbam-log-2012-06-26 (13-38-13).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205801

Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Owner at 13:47:10 on 2012-06-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.5537 [GMT -4:00]

.

AV: Max Security 9.17 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

SP: Max Security 9.17 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Max Security 9.17 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Frontier\Security\Anti-Virus\FSGK32.EXE

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Frontier\Security\Common\FSHDLL32.EXE

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Frontier\Security\Common\FSHDLL64.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe

C:\Program Files (x86)\Frontier\Security\FWES\Program\fsdfwd.exe

C:\Program Files (x86)\Frontier\Security\Anti-Virus\fssm32.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Frontier\Security\Spam Control\fsscoepl_x64.exe

C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsav32.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Users\Owner\AppData\Local\Temp\SUPERSetup\SAS_LaunchChromeSetup.exe

C:\Users\Owner\AppData\Local\Temp\SUPERSetup\SupportCom_Chrome_v1.exe

C:\Program Files (x86)\Google\googleupdatesetup_1.2.183.29.exe

C:\Users\Owner\AppData\Local\Temp\GUM1E79.tmp\GoogleUpdate.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\msiexec.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://start.toshiba.com/g/

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:55253

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{2BE08BC4-E7DC-4552-99A3-483171EBF35B} : DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA} : DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA}\C696E6B6379737 : DhcpNameServer = 192.168.254.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll

BHO-X64: LitmusBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash

mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\

FF - prefs.js: browser.search.selectedEngine - Rapidshare FileFinder

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\10litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\11litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\12litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\13litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\6litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\7litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\8litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\9litmus-ff.dll

FF - component: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll

FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]

R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2011-8-11 42672]

R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2012-3-30 60048]

R1 FSES;F-Secure Email Scanning Driver;C:\windows\system32\drivers\fses.sys --> C:\windows\system32\drivers\fses.sys [?]

R1 FSFW;F-Secure Firewall Driver;C:\windows\system32\drivers\fsdfw.sys --> C:\windows\system32\drivers\fsdfw.sys [?]

R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2012-3-30 15024]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe [2012-3-30 221872]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-14 654408]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-3-30 199848]

R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-3-30 61088]

R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

RUnknown SASKUTIL;SASKUTIL; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-26 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-7-2 51576]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-26 16:20:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-06-26 16:05:47 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{18476433-70D0-4C79-ADC7-388D4F20554D}\mpengine.dll

2012-06-25 17:51:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-06-25 17:51:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-06-25 16:59:17 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-06-25 16:59:17 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-06-25 16:59:17 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-06-25 16:59:17 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2012-06-21 11:00:53 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-21 11:00:30 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-21 11:00:15 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-21 11:00:15 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-17 10:54:02 774144 ----a-w- C:\windows\SysWow64\htmlayout.dll

2012-06-17 07:00:59 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-06-17 07:00:59 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-06-17 07:00:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-06-17 07:00:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2012-06-17 07:00:57 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll

2012-06-17 07:00:57 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll

2012-06-17 02:01:17 -------- d-----w- C:\Program Files (x86)\ESET

2012-06-17 01:53:55 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-06-17 01:53:55 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-06-17 01:53:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-06-17 01:52:55 3146752 ----a-w- C:\windows\System32\win32k.sys

2012-06-17 01:52:42 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-06-17 01:52:40 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-06-17 01:52:38 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-06-17 01:52:34 209920 ----a-w- C:\windows\System32\profsvc.dll

2012-06-17 01:52:26 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-06-17 01:50:44 3216384 ----a-w- C:\windows\System32\msi.dll

2012-06-17 01:50:43 2342400 ----a-w- C:\windows\SysWow64\msi.dll

2012-06-17 01:50:17 1462272 ----a-w- C:\windows\System32\crypt32.dll

2012-06-17 01:50:16 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2012-06-17 01:50:16 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-06-17 01:50:16 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll

2012-06-17 01:50:15 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2012-06-17 01:50:15 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

2012-06-17 01:09:47 -------- d-----w- C:\Users\Owner\AppData\Roaming\Wireshark

2012-06-13 11:44:30 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia

2012-06-11 23:49:30 -------- d-----w- C:\ProgramData\Axara

2012-06-11 23:47:07 -------- d-----w- C:\Program Files (x86)\Common Files\Axara

2012-06-11 17:49:58 -------- d-----w- C:\windows\SysWow64\kodak

2012-06-11 17:05:21 -------- d-----w- C:\Program Files (x86)\Kodak

2012-06-11 13:22:33 -------- d-----w- C:\Program Files\Web Assistant

2012-06-11 13:18:41 -------- d-----w- C:\Program Files (x86)\1ClickDownload

2012-06-09 14:19:23 -------- d-----w- C:\Users\Owner\AppData\Local\Eastman_Kodak_Company

2012-06-09 14:17:29 -------- d-----w- C:\Users\Owner\AppData\Local\Eastman Kodak Company

2012-06-09 14:09:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\Temp

2012-06-09 14:09:43 -------- d-----w- C:\ProgramData\Kodak

2012-06-05 14:53:33 -------- d-----w- C:\Users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_

2012-06-05 12:39:11 -------- d-----w- C:\Users\Owner\The_Over-the-Hill_Gang__1969_

.

==================== Find3M ====================

.

2012-06-23 21:12:55 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 21:12:55 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-05-09 11:49:29 55960 ----a-w- C:\windows\System32\drivers\fsbts.sys

2012-04-04 22:47:08 772504 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-04-04 22:47:02 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys

.

============= FINISH: 13:48:43.56 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/30/2011 12:13:23 PM

System Uptime: 6/26/2012 12:11:22 PM (1 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: AMD E-350 Processor | Socket FT1 | 800/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 285 GiB total, 124.327 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet F4500 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Deskjet F4500 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP137: 6/16/2012 9:26:04 PM - Restore Operation

RP138: 6/16/2012 9:50:54 PM - Windows Update

RP139: 6/17/2012 3:00:16 AM - Windows Update

RP140: 6/18/2012 5:44:21 AM - AVS Registry Cleaner First Launch

RP141: 6/18/2012 5:47:18 AM - Backup_2012_06_18

RP142: 6/19/2012 7:29:59 AM - Backup_2012_06_19

RP143: 6/21/2012 6:59:39 AM - Windows Update

RP144: 6/22/2012 5:16:37 AM - Windows Update

RP145: 6/25/2012 9:38:58 PM - Restore Operation

RP146: 6/25/2012 9:50:22 PM - Windows Update

RP147: 6/25/2012 10:05:06 PM - Windows Update

RP148: 6/26/2012 11:54:21 AM - Restore Operation

RP149: 6/26/2012 12:04:54 PM - Windows Update

.

==== Installed Programs ======================

.

.

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3) MUI

Angry Birds Rio

Angry Birds Seasons

Angry Birds Space

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

AVS Audio Converter 7

AVS Audio Editor 7.1

AVS Audio Recorder version 4.0

AVS Cover Editor 2.0.1.3

AVS Disc Creator 5

AVS Document Converter 2.1.2

AVS DVD Authoring

AVS DVD Copy version 4.1.2

AVS Image Converter 2.1.2.169

AVS Media Player 4.1.8.93

AVS Photo Editor

AVS Registry Cleaner version 2.2

AVS Ringtone Maker version 1.6

AVS Screen Capture version 2.0.1

AVS Update Manager 1.0

AVS Video Converter 8

AVS Video Editor 6

AVS Video Recorder 2.4

AVS Video ReMaker 4.0.8.140

AVS4YOU Software Navigator 1.4

calibre

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Coupon Printer for Windows

D3DX10

DJ_AIO_06_F4500_SW_MIN

DVDFab 8.1.7.8 (17/04/2012) Qt

ESET Online Scanner v3

Google Chrome

Google Update Helper

Java Auto Updater

Java™ 6 Update 29

Java™ 7 Update 4

JavaFX 2.1.0

Junk Mail filter update

Label@Once 1.0

Malwarebytes Anti-Malware version 1.61.0.1400

Max Security

Mesh Runtime

Microsoft Office 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 9.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PlayReady PC Runtime x86

RapidShare Manager

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Toolbox

TOSHIBA Application Installer

TOSHIBA Assist

Toshiba Book Place

TOSHIBA Bulletin Board

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wnyiper

TurboTax 2011 wrapper

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

93701173

6/26/2012 12:12:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

6/26/2012 12:11:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:

6/26/2012 11:26:04 AM, Error: F-Secure Gatekeeper [1] -

6/22/2012 11:56:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

6/20/2012 9:41:30 AM, Error: volsnap [27] - The shadow copies of volume G: were aborted during detection because a critical control file could not be opened.

6/20/2012 9:40:48 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.

.

==== End Of File ===========================

Link to post
Share on other sites

Hello dragon8161! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt

Link to post
Share on other sites

Teatimer must be left over from when I tried spybot to remove malware. I had uninstalled spybot after the attempt using windows uninstaller. I can not access spybot without reinstalling. Can you give me direction on how to uninstall or delete teatimer with or without reinstalling spybot? I also noticed that there is other left over files from spybot and eset online scanner. My two active virus/malware programs are Malwarebytes Pro and F-Secure (also known as Max Security) anything else you see can be uninstalled if you tell me how. Thank you for your help.

Link to post
Share on other sites

step 1 I could not do

Step 2 done with negative results

Step 3 posted below

I also noted that it appears only firefox is effected so far, Internet Explore is still operation well, with speeds up to 3000k.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.27.01

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

Protection: Enabled

6/26/2012 9:53:08 PM

mbam-log-2012-06-26 (21-53-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205931

Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

OTL logfile created on: 6/26/2012 9:59:37 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.60 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 79.57% Memory free

15.20 Gb Paging File | 13.53 Gb Available in Paging File | 89.03% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.29 Gb Total Space | 124.21 Gb Free Space | 43.54% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/26 21:57:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2012/05/29 09:30:29 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fssm32.exe

PRC - [2012/05/29 09:30:28 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/30 17:07:55 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe

PRC - [2012/03/30 17:06:48 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsav32.exe

PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/09/26 11:53:24 | 000,201,392 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE

PRC - [2011/09/26 11:53:24 | 000,189,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE

PRC - [2011/09/26 11:53:24 | 000,090,800 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSHDLL32.EXE

PRC - [2011/09/26 11:52:10 | 000,221,872 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe

PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/26 11:53:50 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSPC\fspcfsm.eng

MOD - [2011/09/26 11:52:22 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\strres.eng

MOD - [2011/09/26 11:52:20 | 000,553,648 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\gres.dll

MOD - [2011/09/26 11:52:20 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\fsavures.eng

MOD - [2011/09/26 11:52:18 | 000,443,056 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\about.dll

MOD - [2011/09/26 11:52:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\flyerres.eng

MOD - [2011/09/26 11:52:18 | 000,090,800 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\aboutres.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/10 15:52:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/10/20 17:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/06/26 16:36:44 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/24 12:08:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/30 17:07:55 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe -- (FSORSPClient)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/09/26 11:53:24 | 000,189,104 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE -- (FSMA)

SRV - [2011/09/26 11:52:38 | 000,847,024 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\FWES\program\fsdfwd.exe -- (FSDFWD)

SRV - [2011/09/26 11:52:10 | 000,221,872 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)

SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2010/07/01 13:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/09 07:49:29 | 000,055,960 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/29 17:17:24 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2011/09/26 11:52:38 | 000,094,320 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)

DRV:64bit: - [2011/09/26 11:52:32 | 000,046,672 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/14 15:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2011/02/10 16:22:00 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/02/10 15:15:08 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/11 15:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/11/05 10:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/11/05 10:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/09/27 18:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012/05/29 09:31:18 | 000,199,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)

DRV - [2011/09/26 11:53:16 | 000,060,048 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)

DRV - [2011/09/26 11:52:10 | 000,015,024 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys -- (fsvista)

DRV - [2011/08/17 08:33:43 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}

IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}

IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes,DefaultScope = {193CE2D3-9E39-4216-9C24-A42A6DAF31E1}

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\SearchScopes\{193CE2D3-9E39-4216-9C24-A42A6DAF31E1}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55253

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Rapidshare FileFinder"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.1

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8

FF - prefs.js..extensions.enabledItems: firetorrent@radicalsoft.com:2.0.3

FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Frontier\Security\NRS\litmus-ff@f-secure.com [2012/06/05 00:31:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/26 12:08:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/13 23:05:58 | 000,000,000 | ---D | M]

[2011/08/11 14:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

[2012/06/26 16:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions

[2012/03/30 00:17:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/02/12 09:11:41 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2012/05/19 18:12:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012/06/11 09:21:43 | 000,002,203 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\MyStart Search.xml

[2011/10/06 17:49:38 | 000,001,115 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\rapidshare-filefinder.xml

[2012/06/26 12:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/05 00:31:33 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES (X86)\FRONTIER\SECURITY\NRS\LITMUS-FF@F-SECURE.COM

[2012/06/26 11:17:18 | 000,339,843 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI

[2012/06/26 16:45:49 | 000,089,442 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI

[2012/06/11 10:13:15 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/05/05 09:54:57 | 000,015,675 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHTHFZ9P.DEFAULT USER\EXTENSIONS\REMEMBER-PASSWORDS@STANIMIR-STAMENKOV.ADDONS.MOZILLA.ORG.XPI

[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/07/13 17:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/10/27 10:07:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/07/13 17:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE08BC4-E7DC-4552-99A3-483171EBF35B}: DhcpNameServer = 192.168.254.254 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43466DCC-1E51-4A9B-8351-B7CEAD2A04EA}: DhcpNameServer = 192.168.254.254 192.168.254.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{39b7ed5c-bacb-11e1-a2dc-00266cc8b068}\Shell - "" = AutoRun

O33 - MountPoints2\{39b7ed5c-bacb-11e1-a2dc-00266cc8b068}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{e58a007c-c9cd-11e0-b4a8-00266cc8b068}\Shell - "" = AutoRun

O33 - MountPoints2\{e58a007c-c9cd-11e0-b4a8-00266cc8b068}\Shell\AutoRun\command - "" = E:\HPLauncher.exe

O33 - MountPoints2\{ff9997ae-c448-11e0-8b0e-00266cc8b068}\Shell - "" = AutoRun

O33 - MountPoints2\{ff9997ae-c448-11e0-8b0e-00266cc8b068}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 21:57:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/06/26 13:35:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr

[2012/06/26 12:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/06/17 06:54:02 | 000,774,144 | ---- | C] (Terra Informatica Software, Inc., British Columbia, Canada.) -- C:\windows\SysWow64\htmlayout.dll

[2012/06/16 22:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/06/16 21:09:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Wireshark

[2012/06/13 07:44:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia

[2012/06/11 19:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Axara

[2012/06/11 19:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Axara

[2012/06/11 13:49:58 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\kodak

[2012/06/11 13:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak

[2012/06/11 09:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant

[2012/06/11 09:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload

[2012/06/09 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Eastman_Kodak_Company

[2012/06/09 10:17:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Eastman Kodak Company

[2012/06/09 10:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak

[2012/06/09 10:09:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Temp

[2012/06/09 10:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak

[2012/06/05 10:53:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_

[2012/06/05 08:39:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\The_Over-the-Hill_Gang__1969_

[2011/10/29 17:17:24 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/26 21:57:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/06/26 21:12:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/06/26 17:24:44 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/26 17:24:44 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/26 17:16:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/06/26 17:16:52 | 1825,726,463 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/26 13:35:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr

[2012/06/26 12:08:32 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/06/26 12:08:31 | 000,002,067 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/06/25 14:22:01 | 000,185,726 | ---- | M] () -- C:\Users\Owner\Desktop\bookmarks-2012-06-25.json

[2012/06/25 14:11:27 | 000,162,856 | ---- | M] () -- C:\Users\Owner\Desktop\Untitled.jpg

[2012/06/25 12:58:22 | 000,007,607 | ---- | M] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg

[2012/06/22 16:57:16 | 000,762,458 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/06/22 16:57:16 | 000,649,202 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/06/22 16:57:16 | 000,116,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/06/18 05:10:05 | 000,290,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/06/17 07:25:38 | 001,657,725 | ---- | M] () -- C:\Users\Owner\Documents\heatwave grilling guide rev2009.pdf

[2012/06/17 06:59:14 | 000,001,216 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Disc Creator.lnk

[2012/06/17 06:57:12 | 000,001,252 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Audio Converter.lnk

[2012/06/17 06:56:34 | 000,001,216 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Media Player.lnk

[2012/06/17 06:54:40 | 000,001,252 | ---- | M] () -- C:\Users\Owner\Desktop\AVS Video Converter.lnk

[2012/06/16 15:39:14 | 000,822,419 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache

[2012/06/16 15:38:55 | 000,105,430 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache

[2012/06/16 15:29:08 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache

[2012/06/15 08:17:48 | 003,245,374 | ---- | M] () -- C:\Users\Owner\Documents\Netgear_7550_BHSI_Reference_Guide.pdf

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/25 14:22:00 | 000,185,726 | ---- | C] () -- C:\Users\Owner\Desktop\bookmarks-2012-06-25.json

[2012/06/25 14:11:26 | 000,162,856 | ---- | C] () -- C:\Users\Owner\Desktop\Untitled.jpg

[2012/06/17 07:25:38 | 001,657,725 | ---- | C] () -- C:\Users\Owner\Documents\heatwave grilling guide rev2009.pdf

[2012/06/17 06:57:12 | 000,001,252 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Audio Converter.lnk

[2012/06/17 06:56:34 | 000,001,216 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Media Player.lnk

[2012/06/17 06:54:40 | 000,001,252 | ---- | C] () -- C:\Users\Owner\Desktop\AVS Video Converter.lnk

[2012/06/16 15:39:14 | 000,822,419 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache

[2012/06/16 15:38:55 | 000,105,430 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache

[2012/06/16 15:29:08 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache

[2012/06/15 08:29:42 | 003,245,374 | ---- | C] () -- C:\Users\Owner\Documents\Netgear_7550_BHSI_Reference_Guide.pdf

[2012/05/06 11:54:19 | 000,000,005 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mbam.context.scan

[2012/04/04 13:06:41 | 000,007,607 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg

[2012/02/10 10:13:58 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/01/27 10:47:48 | 000,023,978 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Notepad2.ini

[2012/01/11 09:14:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2011/12/23 00:01:50 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{A69A8F95-5AB0-457D-B177-10CF2AA32681}

[2011/10/29 17:17:24 | 000,099,384 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe

[2011/10/29 17:17:24 | 000,007,859 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat

[2011/10/29 17:17:24 | 000,001,167 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf

[2011/08/24 15:52:39 | 000,008,104 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\159A.137

[2011/08/18 18:40:00 | 000,524,288 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll

[2011/08/18 18:40:00 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll

[2011/08/11 16:07:38 | 000,042,672 | ---- | C] () -- C:\windows\SysWow64\drivers\fsbts.sys

[2011/08/11 16:06:57 | 000,777,242 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/08/11 15:33:42 | 000,173,326 | ---- | C] () -- C:\windows\hpoins46.dat

[2011/08/11 15:33:41 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat

[2011/07/02 22:09:56 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe

[2011/07/02 22:03:54 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2011/07/02 22:01:20 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/02/10 17:43:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\calibre

[2012/03/23 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio

[2012/06/09 10:09:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Temp

[2011/10/13 11:11:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thinstall

[2011/07/30 16:18:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba

[2011/10/30 17:20:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP

[2012/01/11 10:05:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vso

[2011/07/30 12:14:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

[2012/06/16 21:09:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wireshark

[2012/05/14 08:11:58 | 000,032,634 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/26/2012 9:59:37 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.60 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 79.57% Memory free

15.20 Gb Paging File | 13.53 Gb Available in Paging File | 89.03% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.29 Gb Total Space | 124.21 Gb Free Space | 43.54% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2493216118-4062180646-4280587544-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)

Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)

Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0325FBAE-4537-479F-A13F-55FC3F846C3B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{03DE67E1-672B-45A1-8373-04348F11114F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{03EE766B-E086-4D5B-8DF0-BF3B97F0BB9E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{08587E3D-EDB4-4DD2-B694-ED03300028D3}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |

"{08D1FC44-7AD5-4EF9-BAC7-032AB33DE23C}" = lport=67 | protocol=17 | dir=in | name=dhcp server |

"{0DC7F033-549D-45EF-BE2B-067B8935AB77}" = rport=138 | protocol=17 | dir=out | app=system |

"{14AB2AF9-56FB-4FD4-A54A-B1F6A0546096}" = lport=138 | protocol=17 | dir=in | app=system |

"{16EA5E6A-F41F-4E7D-BD0E-9F22F2880584}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{1ADD7169-E3B6-43C1-BC11-CF39D8A9A03E}" = rport=139 | protocol=6 | dir=out | app=system |

"{1D751C5E-19BD-4EE1-B074-D30B3C7140E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2DE1DD9E-03C5-41DB-9312-F6946AFF1749}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{347867FA-6224-4438-8B0D-CEBD3FA74B56}" = lport=80 | protocol=6 | dir=in | app=system |

"{3640AA6F-A8B8-4042-B73A-85B8286C281F}" = rport=137 | protocol=17 | dir=out | app=system |

"{43805FE7-D3FD-45A4-88E2-0FCC8DE92654}" = lport=10243 | protocol=6 | dir=in | app=system |

"{4645C308-2133-44A2-B6DE-9037A5AC82B8}" = lport=445 | protocol=6 | dir=in | app=system |

"{4A8BEE2D-8097-4262-BFE7-31D8AEF167C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4EF62858-497E-4226-B51C-BCC89F1B7B30}" = lport=137 | protocol=17 | dir=in | app=system |

"{505D9248-1DC0-4F21-81A1-FF051421C364}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{52DFF76B-B404-4F6D-8AD4-406F921CFC1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5E2529D7-4F25-40D3-8ADC-DDE1137686DD}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |

"{5FAA62C2-60E2-405B-8C36-DAD220C12259}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{60315EAE-99D8-4144-B45D-17DFFADE59B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{695FF8F5-C991-46C9-BE6F-E100793C2EBF}" = lport=139 | protocol=6 | dir=in | app=system |

"{8D2E385E-FA84-47F4-A045-D0BB81532997}" = rport=10243 | protocol=6 | dir=out | app=system |

"{A2BA94E2-6EDC-46D0-88AD-6BFC2929EBF8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A8B7E8E9-FF1B-43B0-B2D4-84ACE3858799}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AC32921E-67F9-4561-9891-907B6986CD54}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{B826C55C-FFD8-470E-B98A-01B6C8287632}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{BCD5E252-7514-45DB-8B06-FD8C679CBE76}" = lport=5985 | protocol=6 | dir=in | app=system |

"{C2498A10-A860-458E-BE13-7652D6C13032}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CA9E1CE5-8E7B-40D3-8B5B-92C7E17C3681}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{CB724FB8-669F-4B2A-954E-053867D69FE5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CBFD4BC7-5340-47F2-B52C-6DA3D497F27A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DADD209F-3463-4B27-8AAB-68593A0D7308}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E154CEA0-0DB7-4D59-96B4-A3CDAA2BBFA1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{E2DEF2DA-3DE4-4A77-8CC9-625E50B0B60B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F5A11290-466E-47B5-BD7A-472CE0FC1443}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |

"{FA034507-7CBC-48A6-A647-2D6089B9AA93}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{FD8927FF-9D35-45D2-99F7-026ABA35026E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{FEAA81F6-D5C9-4C23-8359-195FD37D7BB6}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0905582C-FD1A-4FCB-B2C8-6A07C109E3D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{23A5654A-2557-4718-A769-897C150A90EE}" = protocol=6 | dir=out | app=system |

"{2C01A374-AF1F-4C96-AF18-35B289B41159}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{343164E2-8EDF-4C1C-8030-A49136BEBE99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{34BFDA78-6AE5-4698-8620-1B4CC951861C}" = protocol=6 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe |

"{376DC99A-0CD0-4BDD-BF6A-A924D313A601}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{3946D72E-53ED-46B9-9E80-EE8CF1328D8A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{43187CD1-3D50-4642-8AA8-5F757F3583B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{58D943C4-91E3-429F-A208-F380DE73E0A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{594B1CF4-A867-4355-848B-2E2DF60A21A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{5C6DD614-CA22-4326-95F7-5AA1045A73FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{601E2FA6-D546-4E71-9798-24886177103A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{611CDB3D-2C43-4081-B5F8-780673FF090F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{736A36A3-D092-4A11-AE4B-B34E3B565A61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7DF2A16B-7154-4F81-8245-11B0DFAAE3F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8E6A89F3-8DD8-4A4B-85FF-9266B8D61247}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{8ECE7C2F-16E7-4D77-831C-43EB91C4D7CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{908932AF-A2A5-4FC1-9691-14032B61CD6F}" = protocol=17 | dir=in | app=c:\program files\ccleaner\ccleaner64.exe |

"{953A33F0-87E8-42F7-B818-C31840B5BBD1}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe |

"{96911F94-14E6-46F2-8DC2-DDA0A7749DF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{96B73E58-94A3-4F2F-BD6E-8353733252C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{99AA7554-281A-46C4-BD14-3603A3FFEC9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9EF4B067-2F5B-4796-A6FE-407EB01C307F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A0660AB3-182A-4257-9A5C-6B895838163E}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe |

"{C2FD88D0-635E-4D74-B683-2E3E4C95F68B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{C7FB99B2-7FD8-4C50-8FA2-84F43ECA160A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{ED3EE8B0-1895-4C7D-B3F8-815FAA366DE9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{EEEF8D48-4191-4E87-8899-E7AD3B5E86D7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{F6CDC8AA-39FE-4184-B91E-530CB90DA0D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{FCB8509E-0F79-402D-837D-1FEA59469693}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{FD396FC9-579F-4986-B59F-8D1925A11F5C}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe |

"TCP Query User{4964AB3B-CFAD-428B-BCE0-66072B773760}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"TCP Query User{55E327E6-A121-42D0-87CF-52E4404F97BC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{146F714C-F720-4777-8B2C-15FC351C270E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{FD0DE1B0-5716-4510-951D-93ADAED5E232}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}" = ATI Catalyst Install Manager

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{3EF6F8CE-BE77-0786-CA40-3CB5BF5EBCC8}" = ccc-utility64

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{522D5958-FFF0-2849-776B-442BE2A0004C}" = WMV9/VC-1 Video Playback

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer

"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Notepad2" = Notepad2 (Notepad Replacement)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04259F13-626E-814E-A80C-4601DFF3CE95}" = CCC Help Finnish

"{04D90620-2973-6F93-6E6C-C833F39C50C1}" = CCC Help Thai

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0

"{0FC61261-B251-C870-C650-8A854F1B4CF0}" = CCC Help Chinese Standard

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1D0C8FEA-F9E6-4272-8465-58903F1946D0}" = TurboTax 2011 wnyiper

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{24C563C0-5569-A3BF-DF26-AAB3F25B5375}" = CCC Help Danish

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{2823D463-54F8-F7B4-818F-B7436FF70658}" = CCC Help Portuguese

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{32F32D10-5190-7565-DD14-C235FAF81408}" = CCC Help Dutch

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{34F971C8-B75F-6B8D-4AFC-5DAB84241AE6}" = CCC Help French

"{3798E892-DB93-6BE5-D4AD-8D1C4569F5EF}" = CCC Help Norwegian

"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre

"{52A2A26B-59BE-DE58-67EA-AE33077248A0}" = CCC Help Greek

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{589EB570-9B45-8EF9-7A0F-2A5B3A37BC49}" = CCC Help Swedish

"{59F65EE9-3DD6-6944-8222-342A9947D40B}" = Catalyst Control Center InstallProxy

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration

"{60A1C223-4D86-AD1E-FB21-DE75010DABE3}" = CCC Help Hungarian

"{618AF7BF-10CD-0118-EE52-ED9BC440487B}" = CCC Help Russian

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6C313A41-2704-23C5-DA68-05BB34126233}" = CCC Help Italian

"{6C49A7D6-FD97-A573-29C7-87ED1756AC6D}" = CCC Help Chinese Traditional

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{70B4D913-147C-7084-961A-6728E8F2AC2E}" = CCC Help Korean

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup

"{9240D97C-D575-465E-A681-21C0979EE5DF}" = Angry Birds Seasons

"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A409B55C-DD9B-4157-86D7-FD6F4F0F2C1A}" = Angry Birds Rio

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI

"{ACB77FD0-7796-82B5-51B1-3ABAD84932E7}" = Catalyst Control Center Graphics Previews Common

"{AE26F217-2100-A52C-2A00-3829358E4930}" = ccc-core-static

"{B35FB627-BB1F-E79D-9512-E7CF549B00AD}" = CCC Help Polish

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C4F1B841-0C75-368C-0A54-1BAF7C8B6A91}" = CCC Help English

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE15C07B-32E3-0586-305C-975F0FEE559A}" = CCC Help Turkish

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DC280F21-4FD6-9D47-6323-7CD5C8712DFB}" = CCC Help Spanish

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED8AB7F6-E885-A8E9-1E97-2218D89FAE8F}" = CCC Help German

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{EEE6C8F8-4FDD-A08F-2292-31B34E327C0C}" = CCC Help Japanese

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F4C03C2A-E14E-EB7C-AAD7-F4FB6396BEA1}" = Catalyst Control Center Localization All

"{F9E83908-4502-9B01-6B42-21E449DD2627}" = CCC Help Czech

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AVS Audio Converter_is1" = AVS Audio Converter 7

"AVS Audio Editor_is1" = AVS Audio Editor 7.1

"AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0

"AVS Disc Creator_is1" = AVS Disc Creator 5

"AVS Document Converter_is1" = AVS Document Converter 2.1.2

"AVS DVD Authoring_is1" = AVS DVD Authoring

"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.2

"AVS Image Converter_is1" = AVS Image Converter 2.1.2.169

"AVS Media Player_is1" = AVS Media Player 4.1.8.93

"AVS Photo Editor_is1" = AVS Photo Editor

"AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6

"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS Video Editor_is1" = AVS Video Editor 6

"AVS Video Recorder_is1" = AVS Video Recorder 2.4

"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.8.140

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4

"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8

"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3

"AVSRegistryCleaner_is1" = AVS Registry Cleaner version 2.2

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt

"ESET Online Scanner" = ESET Online Scanner v3

"F-Secure Product 444" = Max Security

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"RapidShare Manager" = RapidShare Manager

"TurboTax 2011" = TurboTax 2011

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/17/2012 4:22:19 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/17/2012 6:48:56 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/17/2012 6:48:56 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/17/2012 6:49:01 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/17/2012 8:05:35 AM | Computer Name = Owner-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 1 2012-06-17 08:05:35-04:00 OWNER-PC Owner-PC\Owner F-Secure

Anti-Virus Spyware detected: Type: riskware Family: Name: Application.Generic.402655

Object: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

Error - 6/17/2012 8:16:32 AM | Computer Name = Owner-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description = 2 2012-06-17 08:16:31-04:00 OWNER-PC Owner-PC\Owner F-Secure

Anti-Virus Spyware detected: Type: riskware Family: Name: Application.Generic.402655

Object: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

Error - 6/18/2012 5:10:57 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/18/2012 1:30:23 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/19/2012 12:23:08 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/19/2012 1:32:27 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]

Error - 6/26/2012 11:28:43 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 6/26/2012 11:41:43 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

93701173

Error - 6/26/2012 11:42:40 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 6/26/2012 12:00:01 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

93701173

Error - 6/26/2012 12:00:59 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 6/26/2012 12:11:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

93701173

Error - 6/26/2012 12:12:49 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 6/26/2012 1:57:54 PM | Computer Name = Owner-PC | Source = F-Secure Gatekeeper | ID = 327681

Description =

Error - 6/26/2012 5:17:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

93701173

Error - 6/26/2012 5:18:08 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

< End of report >

Link to post
Share on other sites

You still have installed ESET Online Scanner v3, so uninstall it. Next:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    :OTL
    FF - prefs.js..extensions.enabledItems: firetorrent@radicalsoft.com:2.0.3
    [2012/06/11 09:21:43 | 000,002,203 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\MyStart Search.xml
    O4 - HKU\S-1-5-21-2493216118-4062180646-4280587544-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    [2012/06/16 22:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/06/26 12:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/06/25 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

OTL run fix completed fix log below

All processes killed

========== OTL ==========

========== OTL ==========

Prefs.js: firetorrent@radicalsoft.com:2.0.3 removed from extensions.enabledItems

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\searchplugins\MyStart Search.xml moved successfully.

Registry value HKEY_USERS\S-1-5-21-2493216118-4062180646-4280587544-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.

C:\Program Files (x86)\ESET\ESET Online Scanner folder moved successfully.

C:\Program Files (x86)\ESET folder moved successfully.

C:\Program Files\SUPERAntiSpyware\Plugins folder moved successfully.

C:\Program Files\SUPERAntiSpyware\Language folder moved successfully.

C:\Program Files\SUPERAntiSpyware folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Snapshots2 folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Snapshots folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Excludes folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Backups folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy folder moved successfully.

C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Owner\Desktop\cmd.bat deleted successfully.

C:\Users\Owner\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Owner

->Temp folder emptied: 4435646 bytes

->Temporary Internet Files folder emptied: 11361341 bytes

->Java cache emptied: 1824737 bytes

->FireFox cache emptied: 69029519 bytes

->Flash cache emptied: 598 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1780103 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 84.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06272012_120714

Files\Folders moved on Reboot...

C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

combofix completed log below

ComboFix 12-06-28.01 - Owner 06/28/2012 11:37:45.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6179 [GMT -4:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Max Security 9.17 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Max Security 9.17 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Max Security 9.17 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Owner\AppData\Roaming\159A.137

.

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))

.

.

2012-06-28 15:46 . 2012-06-28 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-27 18:13 . 2012-06-27 18:13 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-06-27 18:13 . 2012-06-27 18:13 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-27 18:13 . 2012-06-27 18:13 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-06-27 16:07 . 2012-06-27 16:07 -------- d-----w- C:\_OTL

2012-06-26 16:05 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18476433-70D0-4C79-ADC7-388D4F20554D}\mpengine.dll

2012-06-25 16:59 . 2012-06-27 18:13 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-06-25 16:59 . 2012-06-27 18:13 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-06-25 16:59 . 2012-06-27 18:13 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-06-21 11:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 11:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 11:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 11:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 11:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 11:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 11:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 11:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 11:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-17 10:54 . 2010-05-27 16:32 774144 ----a-w- c:\windows\SysWow64\htmlayout.dll

2012-06-17 07:00 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-17 07:00 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-17 07:00 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-17 07:00 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-06-17 07:00 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-06-17 07:00 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll

2012-06-17 01:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-17 01:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-17 01:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-17 01:52 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-17 01:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-17 01:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-17 01:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-17 01:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-17 01:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-17 01:50 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-17 01:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-17 01:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-17 01:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-17 01:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-17 01:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-17 01:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-17 01:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-17 01:09 . 2012-06-17 01:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Wireshark

2012-06-13 11:44 . 2012-06-13 11:44 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia

2012-06-11 23:49 . 2012-06-11 23:49 -------- d-----w- c:\programdata\Axara

2012-06-11 23:47 . 2012-06-11 23:55 -------- d-----w- c:\program files (x86)\Common Files\Axara

2012-06-11 17:49 . 2012-06-17 01:33 -------- d-----w- c:\windows\SysWow64\kodak

2012-06-11 17:05 . 2012-06-17 01:34 -------- d-----w- c:\program files (x86)\Kodak

2012-06-11 13:22 . 2012-06-11 16:36 -------- d-----w- c:\program files\Web Assistant

2012-06-11 13:18 . 2012-06-11 13:43 -------- d-----w- c:\program files (x86)\1ClickDownload

2012-06-09 14:19 . 2012-06-17 01:34 -------- d-----w- c:\users\Owner\AppData\Local\Eastman_Kodak_Company

2012-06-09 14:17 . 2012-06-09 14:17 -------- d-----w- c:\users\Owner\AppData\Local\Eastman Kodak Company

2012-06-09 14:09 . 2012-06-17 01:34 -------- d-----w- c:\programdata\Kodak

2012-06-05 14:53 . 2012-06-05 14:53 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_

2012-06-05 12:39 . 2012-06-05 12:39 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang__1969_

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-26 20:36 . 2012-04-01 17:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-26 20:36 . 2011-11-10 15:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-09 11:49 . 2012-05-09 11:49 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-04-04 22:47 . 2012-05-10 13:42 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-04-04 22:47 . 2011-03-30 02:48 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-04 19:56 . 2012-03-30 21:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"F-Secure Manager"="c:\program files (x86)\Frontier\Security\Common\FSM32.EXE" [2011-09-26 201392]

"F-Secure TNB"="c:\program files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" [2011-09-26 1655472]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 93701173;93701173;c:\windows\system32\DRIVERS\93701173.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 257224]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-03-30 61088]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-29 82816]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-05-09 55960]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2011-09-26 60048]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-09-26 46672]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-09-26 94320]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2011-09-26 15024]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:36]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:55253

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

LSP: c:\program files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\

FF - prefs.js: browser.search.selectedEngine - Rapidshare FileFinder

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-28 11:51:06

ComboFix-quarantined-files.txt 2012-06-28 15:51

.

Pre-Run: 130,870,235,136 bytes free

Post-Run: 130,499,653,632 bytes free

.

- - End Of File - - C873DC5FF77729B07E811B61D4DD81BE

Link to post
Share on other sites

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FileLook::
c:\windows\system32\DRIVERS\93701173.sys

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

In your next reply, post the following log files:

  • ComboFix log
  • MiniToolBox log
  • aswMBR log

Link to post
Share on other sites

Ran all scans, tried speed test after 426 k, also firefox went into unresponsive mode for 15 seconds then loaded.

ComboFix 12-06-28.03 - Owner 06/29/2012 14:30:38.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6106 [GMT -4:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

Command switches used :: c:\users\Owner\Desktop\CFScript.txt

AV: Max Security 9.17 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Max Security 9.17 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Max Security 9.17 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))

.

.

2012-06-29 18:39 . 2012-06-29 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-29 12:18 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4B9BA93-C968-49EF-AF15-791B593C1B1A}\mpengine.dll

2012-06-27 18:13 . 2012-06-27 18:13 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-06-27 18:13 . 2012-06-27 18:13 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-27 18:13 . 2012-06-27 18:13 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-06-27 16:07 . 2012-06-27 16:07 -------- d-----w- C:\_OTL

2012-06-25 16:59 . 2012-06-27 18:13 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-06-25 16:59 . 2012-06-27 18:13 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-06-25 16:59 . 2012-06-27 18:13 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-06-21 11:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 11:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 11:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 11:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 11:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 11:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 11:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 11:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 11:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-17 10:54 . 2010-05-27 16:32 774144 ----a-w- c:\windows\SysWow64\htmlayout.dll

2012-06-17 07:00 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-17 07:00 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-17 07:00 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-17 07:00 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-06-17 07:00 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-06-17 07:00 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll

2012-06-17 01:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-17 01:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-17 01:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-17 01:52 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-17 01:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-17 01:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-17 01:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-17 01:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-17 01:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-17 01:50 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-17 01:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-17 01:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-17 01:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-17 01:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-17 01:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-17 01:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-17 01:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-17 01:09 . 2012-06-17 01:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Wireshark

2012-06-13 11:44 . 2012-06-13 11:44 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia

2012-06-11 23:49 . 2012-06-11 23:49 -------- d-----w- c:\programdata\Axara

2012-06-11 23:47 . 2012-06-11 23:55 -------- d-----w- c:\program files (x86)\Common Files\Axara

2012-06-11 17:49 . 2012-06-17 01:33 -------- d-----w- c:\windows\SysWow64\kodak

2012-06-11 17:05 . 2012-06-17 01:34 -------- d-----w- c:\program files (x86)\Kodak

2012-06-11 13:22 . 2012-06-11 16:36 -------- d-----w- c:\program files\Web Assistant

2012-06-11 13:18 . 2012-06-11 13:43 -------- d-----w- c:\program files (x86)\1ClickDownload

2012-06-09 14:19 . 2012-06-17 01:34 -------- d-----w- c:\users\Owner\AppData\Local\Eastman_Kodak_Company

2012-06-09 14:17 . 2012-06-09 14:17 -------- d-----w- c:\users\Owner\AppData\Local\Eastman Kodak Company

2012-06-09 14:09 . 2012-06-17 01:34 -------- d-----w- c:\programdata\Kodak

2012-06-05 14:53 . 2012-06-05 14:53 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_

2012-06-05 12:39 . 2012-06-05 12:39 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang__1969_

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-26 20:36 . 2012-04-01 17:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-26 20:36 . 2011-11-10 15:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-09 11:49 . 2012-05-09 11:49 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-04-04 22:47 . 2012-05-10 13:42 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-04-04 22:47 . 2011-03-30 02:48 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-04 19:56 . 2012-03-30 21:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-28_15.46.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2012-06-29 16:44 56990 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-29 16:44 52120 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-07-31 16:26 . 2012-06-29 16:44 13432 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2493216118-4062180646-4280587544-1000_UserData.bin

- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-29 16:42 . 2012-06-29 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-29 16:42 . 2012-06-29 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-30 21:23 . 2012-06-29 01:33 238008 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-06-29 16:47 649202 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-27 16:05 649202 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-29 16:47 116760 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-06-27 16:05 116760 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-06-28 12:35 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-29 16:00 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-07-31 21:34 . 2012-06-29 16:00 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat

- 2011-07-31 21:34 . 2012-06-28 12:35 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"F-Secure Manager"="c:\program files (x86)\Frontier\Security\Common\FSM32.EXE" [2011-09-26 201392]

"F-Secure TNB"="c:\program files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" [2011-09-26 1655472]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 93701173;93701173;c:\windows\system32\DRIVERS\93701173.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 257224]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-03-30 61088]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-29 82816]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-05-09 55960]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2011-09-26 60048]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-09-26 46672]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-09-26 94320]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2011-09-26 15024]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:36]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:55253

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

LSP: c:\program files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-29 14:43:33

ComboFix-quarantined-files.txt 2012-06-29 18:43

ComboFix2.txt 2012-06-28 15:51

.

Pre-Run: 129,553,760,256 bytes free

Post-Run: 129,271,230,464 bytes free

.

- - End Of File - - 81C672818B5055C41C0E521B65CB8655

MiniToolBox by Farbar Version: 25-06-2012

Ran by Owner (administrator) on 29-06-2012 at 15:04:41

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

ProxyServer: http=127.0.0.1:55253

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)

Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.invalid

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : domain.invalid

Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)

Physical Address. . . . . . . . . : 00-26-6C-C8-B0-68

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : domain.invalid

Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

Physical Address. . . . . . . . . : E0-CA-94-0A-CA-F7

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::111e:b69d:3174:c946%11(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.254.2(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Friday, June 29, 2012 12:42:36 PM

Lease Expires . . . . . . . . . . : Monday, August 05, 2148 9:33:16 PM

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 192.168.254.254

DHCPv6 IAID . . . . . . . . . . . : 249612948

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-A1-87-EB-E0-CA-94-0A-CA-F7

DNS Servers . . . . . . . . . . . : 192.168.254.254

192.168.254.254

NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.domain.invalid:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : domain.invalid

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Server: UnKnown

Address: 192.168.254.254

Name: google.com

Addresses: 2607:f8b0:4004:801::1002

74.125.228.39

74.125.228.40

74.125.228.41

74.125.228.46

74.125.228.32

74.125.228.33

74.125.228.34

74.125.228.35

74.125.228.36

74.125.228.37

74.125.228.38

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown

Address: 192.168.254.254

Name: yahoo.com

Addresses: 72.30.38.140

98.139.183.24

209.191.122.70

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown

Address: 192.168.254.254

Name: bleepingcomputer.com

Address: 208.43.87.2

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=6ms TTL=128

Reply from 127.0.0.1: bytes=32 time=6ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 6ms, Maximum = 6ms, Average = 6ms

===========================================================================

Interface List

12...00 26 6c c8 b0 68 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)

11...e0 ca 94 0a ca f7 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

1...........................Software Loopback Interface 1

14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.254.0 255.255.255.0 On-link 192.168.254.2 281

192.168.254.2 255.255.255.255 On-link 192.168.254.2 281

192.168.254.255 255.255.255.255 On-link 192.168.254.2 281

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.254.2 281

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.254.2 286

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

1 306 ::1/128 On-link

11 286 fe80::/64 On-link

11 286 fe80::111e:b69d:3174:c946/128

On-link

1 306 ff00::/8 On-link

11 286 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog9 01 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)

Catalog9 02 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)

Catalog9 03 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)

Catalog9 04 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)

Catalog9 05 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)

Catalog9 06 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 17 C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL [189616] (F-Secure Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog9 01 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)

x64-Catalog9 02 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)

x64-Catalog9 03 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)

x64-Catalog9 04 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)

x64-Catalog9 05 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)

x64-Catalog9 06 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 16 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 17 C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll [219824] (F-Secure Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (06/29/2012 00:44:13 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2012 11:20:30 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2012 08:14:09 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2012 04:30:26 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2012 11:15:11 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2012 08:27:45 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2012 08:16:36 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2012 09:30:26 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2012 04:22:14 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2012 03:06:17 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (06/29/2012 02:39:44 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/29/2012 02:35:28 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/29/2012 00:43:45 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/29/2012 00:42:45 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

93701173

Error: (06/29/2012 11:19:56 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/29/2012 11:19:13 AM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

93701173

Error: (06/29/2012 08:14:02 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/29/2012 08:13:08 AM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

93701173

Error: (06/28/2012 04:29:47 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/28/2012 04:29:05 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

93701173

Microsoft Office Sessions:

=========================

Error: (06/29/2012 00:44:13 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2012 11:20:30 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2012 08:14:09 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2012 04:30:26 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2012 11:15:11 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2012 08:27:45 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2012 08:16:36 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2012 09:30:26 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2012 04:22:14 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2012 03:06:17 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 6.2.2)

Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)

Adobe Flash Player 11 Plugin (Version: 11.3.300.262)

Adobe Reader X (10.1.3) MUI (Version: 10.1.3)

Angry Birds Rio (Version: 1.4.2)

Angry Birds Seasons (Version: 2.2.0)

Angry Birds Space (Version: 1.0.0)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)

ATI Catalyst Install Manager (Version: 3.0.808.0)

AVS Audio Converter 7

AVS Audio Editor 7.1

AVS Audio Recorder version 4.0

AVS Cover Editor 2.0.1.3

AVS Disc Creator 5

AVS Document Converter 2.1.2

AVS DVD Authoring

AVS DVD Copy version 4.1.2

AVS Image Converter 2.1.2.169

AVS Media Player 4.1.8.93

AVS Photo Editor

AVS Registry Cleaner version 2.2

AVS Ringtone Maker version 1.6

AVS Screen Capture version 2.0.1

AVS Update Manager 1.0

AVS Video Converter 8

AVS Video Editor 6

AVS Video Recorder 2.4

AVS Video ReMaker 4.0.8.140

AVS4YOU Software Navigator 1.4

Best Buy pc app (Version: 3.0.0.0)

calibre (Version: 0.8.15)

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Graphics Previews Common (Version: 2011.0216.726.13233)

Catalyst Control Center InstallProxy (Version: 2011.0216.726.13233)

Catalyst Control Center Localization All (Version: 2011.0216.726.13233)

ccc-core-static (Version: 2011.0216.726.13233)

ccc-utility64 (Version: 2011.0216.726.13233)

CCC Help Chinese Standard (Version: 2011.0216.0725.13233)

CCC Help Chinese Traditional (Version: 2011.0216.0725.13233)

CCC Help Czech (Version: 2011.0216.0725.13233)

CCC Help Danish (Version: 2011.0216.0725.13233)

CCC Help Dutch (Version: 2011.0216.0725.13233)

CCC Help English (Version: 2011.0216.0725.13233)

CCC Help Finnish (Version: 2011.0216.0725.13233)

CCC Help French (Version: 2011.0216.0725.13233)

CCC Help German (Version: 2011.0216.0725.13233)

CCC Help Greek (Version: 2011.0216.0725.13233)

CCC Help Hungarian (Version: 2011.0216.0725.13233)

CCC Help Italian (Version: 2011.0216.0725.13233)

CCC Help Japanese (Version: 2011.0216.0725.13233)

CCC Help Korean (Version: 2011.0216.0725.13233)

CCC Help Norwegian (Version: 2011.0216.0725.13233)

CCC Help Polish (Version: 2011.0216.0725.13233)

CCC Help Portuguese (Version: 2011.0216.0725.13233)

CCC Help Russian (Version: 2011.0216.0725.13233)

CCC Help Spanish (Version: 2011.0216.0725.13233)

CCC Help Swedish (Version: 2011.0216.0725.13233)

CCC Help Thai (Version: 2011.0216.0725.13233)

CCC Help Turkish (Version: 2011.0216.0725.13233)

CCleaner (Version: 3.17)

Conexant HD Audio (Version: 8.54.1.0)

Coupon Printer for Windows (Version: 5.0.0.1)

D3DX10 (Version: 15.4.2368.0902)

DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000)

DVDFab 8.1.7.8 (17/04/2012) Qt

ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0)

HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (Version: 14.0)

Java Auto Updater (Version: 2.1.6.0)

Java 6 Update 29 (Version: 6.0.290)

Java 7 Update 4 (Version: 7.0.40)

JavaFX 2.1.0 (Version: 2.1.0)

Junk Mail filter update (Version: 15.4.3502.0922)

Label@Once 1.0 (Version: 1.0)

Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)

Max Security

Mesh Runtime (Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (Version: 14.0.4763.1000)

Microsoft Silverlight (Version: 5.1.10411.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)

Mozilla Maintenance Service (Version: 13.0.1)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Network64 (Version: 140.0.215.000)

Notepad2 (Notepad Replacement) (Version: 4.2.25 )

PlayReady PC Runtime amd64 (Version: 1.3.0)

PlayReady PC Runtime x86 (Version: 1.3.0)

RapidShare Manager (Version: 0.1)

Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124)

Realtek WLAN Driver (Version: 2.00.0016)

Scan (Version: 140.0.80.000)

Toolbox (Version: 140.0.428.000)

TOSHIBA Application Installer (Version: 9.0.1.1)

TOSHIBA Assist (Version: 4.02.02)

Toshiba Book Place (Version: 2.2.6775)

TOSHIBA Bulletin Board (Version: 1.6.08.64)

TOSHIBA Disc Creator (Version: 2.1.0.4 for x64)

TOSHIBA Face Recognition (Version: 3.1.3.64)

TOSHIBA Hardware Setup (Version: 2.00.14)

TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)

TOSHIBA Media Controller (Version: 1.0.80.8.64)

TOSHIBA Quality Application (Version: 1.0.3)

TOSHIBA Recovery Media Creator (Version: 2.1.3.5109)

TOSHIBA ReelTime (Version: 1.7.16.64)

TOSHIBA Service Station (Version: 2.1.45)

TOSHIBA Supervisor Password (Version: 2.00.07)

TOSHIBA Value Added Package (Version: 1.3.22.64)

TOSHIBA Web Camera Application (Version: 2.0.1.1)

ToshibaRegistration (Version: 1.0.4)

TurboTax 2011

TurboTax 2011 WinPerFedFormset (Version: 011.000.2675)

TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0436)

TurboTax 2011 WinPerTaxSupport (Version: 011.000.0210)

TurboTax 2011 wnyiper (Version: 011.000.1375)

TurboTax 2011 wrapper (Version: 011.000.0120)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3508.1109)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

WinRAR archiver (Version: 4.01.0)

WMV9/VC-1 Video Playback (Version: 1.00.0000)

========================= Devices: ================================

Name: Deskjet F4500 series

Description: Deskjet F4500 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 23%

Total physical RAM: 7782.87 MB

Available physical RAM: 5925.57 MB

Total Pagefile: 15563.93 MB

Available Pagefile: 13703.11 MB

Total Virtual: 4095.88 MB

Available Virtual: 3963.12 MB

========================= Partitions: =====================================

1 Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:120.42 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-29 15:08:21

-----------------------------

15:08:21.713 OS Version: Windows x64 6.1.7601 Service Pack 1

15:08:21.713 Number of processors: 2 586 0x100

15:08:21.713 ComputerName: OWNER-PC UserName: Owner

15:08:23.460 Initialize success

15:08:31.022 AVAST engine download error: 0

15:08:33.861 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067

15:08:33.877 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 11

15:08:33.893 Disk 0 MBR read successfully

15:08:33.908 Disk 0 MBR scan

15:08:33.924 Disk 0 Windows VISTA default MBR code

15:08:33.939 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

15:08:33.955 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292137 MB offset 3074048

15:08:33.986 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11607 MB offset 601370624

15:08:34.049 Disk 0 scanning C:\windows\system32\drivers

15:08:41.271 Service scanning

15:09:16.902 Modules scanning

15:09:16.917 Disk 0 trace - called modules:

15:09:16.964 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys

15:09:17.495 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007175660]

15:09:17.510 3 CLASSPNP.SYS[fffff880019c943f] -> nt!IofCallDriver -> [0xfffffa8006c04040]

15:09:17.526 5 amd_xata.sys[fffff880010918b4] -> nt!IofCallDriver -> \Device\00000067[0xfffffa8006c006f0]

15:09:17.541 Scan finished successfully

15:09:39.194 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"

15:09:39.210 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

Link to post
Share on other sites

That file does not appear to exsit, I did checked and show hidden files is on.

2yxkvih.jpg

My wifes laptop started to act up, firefox running slow, I googled and I now see alot of firefox users complaining, firefox and adobe flash player and some firefox addons not agreeing with each other causing slow internet speeds. This could be my problem. Even though spybot found incredibar and deleted it. I had to take my wife firefox back to version 3.6.XX to get the speeds back up. That version is no longer susported and does occasionly crash. So I download Google Chrome for her laptop. I have not changed anything on this laptop and will not do so until you tell me it is safe to do so.

spybot scan done on the 25th

2yxkvih.jpg

Link to post
Share on other sites

My mission here is to help you with removing malware, not to improve your perfomance. About perfomance:

http://forums.malwarebytes.org/index.php?showtopic=81990

About Firefox, it is generally problematic, even if everything else is fine. The problem is the level of the browser engine, so nothing we can do. As new versions are much better, but really for me you made ​​the right choice with selecting Google Chrome.

Did you remove those malicious entries with SpyBot?

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
93701173

File::
c:\windows\system32\DRIVERS\93701173.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

Yes I let spybot remove those entries, sorry if I gave you the impression that I was asking for help with my internet speed. I was just pointing out that two of the symptoms, I thought were caused by incredibar are now being reported on mozilla forums as programing conflicts. I am happy that you are helping me and will continue to follow your directions until you declare my computer safe. combofix log is posted below

ComboFix 12-06-28.03 - Owner 06/30/2012 8:31.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6202 [GMT -4:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

Command switches used :: c:\users\Owner\Desktop\CFScript.txt

AV: Max Security 9.17 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Max Security 9.17 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Max Security 9.17 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))

.

.

2012-06-30 12:41 . 2012-06-30 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-30 09:05 . 2012-06-30 09:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4B9BA93-C968-49EF-AF15-791B593C1B1A}\offreg.dll

2012-06-30 00:30 . 2012-06-30 00:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-30 00:30 . 2012-06-30 00:30 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-29 12:18 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4B9BA93-C968-49EF-AF15-791B593C1B1A}\mpengine.dll

2012-06-27 18:13 . 2012-06-27 18:13 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-06-27 18:13 . 2012-06-27 18:13 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-27 18:13 . 2012-06-27 18:13 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-06-27 16:07 . 2012-06-27 16:07 -------- d-----w- C:\_OTL

2012-06-25 16:59 . 2012-06-27 18:13 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-06-25 16:59 . 2012-06-27 18:13 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-06-25 16:59 . 2012-06-27 18:13 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-06-21 11:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 11:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 11:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 11:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 11:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 11:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 11:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 11:00 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 11:00 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-17 10:54 . 2010-05-27 16:32 774144 ----a-w- c:\windows\SysWow64\htmlayout.dll

2012-06-17 07:00 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-17 07:00 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-17 07:00 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-17 07:00 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-06-17 07:00 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-06-17 07:00 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll

2012-06-17 01:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-17 01:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-17 01:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-17 01:52 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-17 01:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-17 01:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-17 01:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-17 01:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-17 01:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-17 01:50 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-17 01:50 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-17 01:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-17 01:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-17 01:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-17 01:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-17 01:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-17 01:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-17 01:09 . 2012-06-17 01:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Wireshark

2012-06-13 11:44 . 2012-06-13 11:44 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia

2012-06-11 23:49 . 2012-06-11 23:49 -------- d-----w- c:\programdata\Axara

2012-06-11 23:47 . 2012-06-11 23:55 -------- d-----w- c:\program files (x86)\Common Files\Axara

2012-06-11 17:49 . 2012-06-17 01:33 -------- d-----w- c:\windows\SysWow64\kodak

2012-06-11 17:05 . 2012-06-17 01:34 -------- d-----w- c:\program files (x86)\Kodak

2012-06-11 13:22 . 2012-06-11 16:36 -------- d-----w- c:\program files\Web Assistant

2012-06-11 13:18 . 2012-06-11 13:43 -------- d-----w- c:\program files (x86)\1ClickDownload

2012-06-09 14:19 . 2012-06-17 01:34 -------- d-----w- c:\users\Owner\AppData\Local\Eastman_Kodak_Company

2012-06-09 14:17 . 2012-06-09 14:17 -------- d-----w- c:\users\Owner\AppData\Local\Eastman Kodak Company

2012-06-09 14:09 . 2012-06-17 01:34 -------- d-----w- c:\programdata\Kodak

2012-06-05 14:53 . 2012-06-05 14:53 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang_Rides_Again__1970_

2012-06-05 12:39 . 2012-06-05 12:39 -------- d-----w- c:\users\Owner\The_Over-the-Hill_Gang__1969_

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-09 11:49 . 2012-05-09 11:49 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-04-04 22:47 . 2012-05-10 13:42 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-04-04 22:47 . 2011-03-30 02:48 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-04 19:56 . 2012-03-30 21:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-28_15.46.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2012-06-30 00:33 57054 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-30 00:33 52316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-07-31 16:26 . 2012-06-30 00:33 13440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2493216118-4062180646-4280587544-1000_UserData.bin

+ 2012-06-30 00:31 . 2012-06-30 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-30 00:31 . 2012-06-30 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-28 15:13 . 2012-06-28 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-30 00:30 . 2012-06-30 00:30 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe

+ 2012-06-30 00:30 . 2012-06-30 00:30 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2011-07-30 21:23 . 2012-06-29 01:33 238008 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-06-27 16:05 649202 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-30 11:40 649202 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-30 11:40 116760 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-06-27 16:05 116760 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-06-30 00:30 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-06-28 12:35 268100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-06-30 00:30 . 2012-06-30 00:30 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

- 2011-08-11 20:08 . 2012-06-28 02:04 1858628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-4096.dat

+ 2011-08-11 20:08 . 2012-06-30 00:30 1858628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-4096.dat

- 2011-07-31 21:34 . 2012-06-28 12:35 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat

+ 2011-07-31 21:34 . 2012-06-30 00:30 28940144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2493216118-4062180646-4280587544-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"F-Secure Manager"="c:\program files (x86)\Frontier\Security\Common\FSM32.EXE" [2011-09-26 201392]

"F-Secure TNB"="c:\program files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" [2011-09-26 1655472]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 93701173;93701173;c:\windows\system32\DRIVERS\93701173.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2012-03-30 61088]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-29 82816]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-05-09 55960]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2011-09-26 60048]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-09-26 46672]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-09-26 94320]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2011-09-26 15024]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 8283136]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 294400]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

LSP: c:\program files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\shthfz9p.Default User\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-30 08:44:42

ComboFix-quarantined-files.txt 2012-06-30 12:44

ComboFix2.txt 2012-06-29 18:43

ComboFix3.txt 2012-06-28 15:51

.

Pre-Run: 128,067,244,032 bytes free

Post-Run: 128,023,023,616 bytes free

.

- - End Of File - - B08370346159E6C2482563EB413E6C90

Link to post
Share on other sites

I just want to let you know about the system perfomance. :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Eset online scanner completed, 6+ hours said nothing found, could not find scanner log, below is the only log that was inside eset online scanner file.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Link to post
Share on other sites

Good!

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.