Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Done all updates, Flash player stops working

Started by bettei , Jun 17 2012 06:06 PM

  • Please log in to reply

#1
bettei
Posted 17 June 2012 - 06:06 PM

bettei

    Member

  • Member
  • PipPipPip
  • 340 posts
Hello, I have been having problems with really slow loading pages, and I constantly get "flash player has stopped working, Windows is searching for a solution" warning. I have run Filehippo, and updated what it said to, ran Malwarebytes, CC cleaner, virus scan, nothing shows up. I don't store any music files or many photos on this laptop, so there should not be a space problem. I pretty much only use this laptop for Facebook and the games on there, and I noticed the pages loading painfully slow. So I ran the OTL and am posting the results. I hope someone will be able to tell me if I have a problem or not. I even uninstalled and reinstalled the Flash player, it did not help. Thanks in advance!
OTL logfile created on: 6/17/2012 6:52:00 PM - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 65.02% Memory free
7.68 Gb Paging File | 6.21 Gb Available in Paging File | 80.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.64 Gb Total Space | 245.63 Gb Free Space | 85.39% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/17 18:51:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/05/29 12:23:23 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fssm32.exe
PRC - [2012/05/29 12:23:22 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32.exe
PRC - [2012/05/03 06:39:48 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/08 11:06:50 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsav32.exe
PRC - [2011/05/23 16:12:13 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe
PRC - [2010/12/01 09:26:42 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
PRC - [2010/04/07 10:40:20 | 000,199,344 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE
PRC - [2010/04/07 10:40:20 | 000,187,056 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE
PRC - [2010/04/07 10:40:20 | 000,088,752 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Common\FSHDLL32.EXE
PRC - [2010/04/07 10:37:50 | 000,219,824 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe
PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 18:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/07/13 01:35:58 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2009/01/14 00:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/27 12:00:26 | 003,622,128 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\plugin\libbizlplugin.dll
MOD - [2010/12/01 09:26:40 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
MOD - [2010/12/01 09:26:38 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
MOD - [2010/12/01 09:26:38 | 000,375,808 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
MOD - [2010/12/01 09:26:38 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
MOD - [2010/12/01 09:26:38 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
MOD - [2010/12/01 09:26:36 | 002,452,992 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
MOD - [2010/12/01 09:26:36 | 001,008,640 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
MOD - [2010/12/01 09:26:36 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
MOD - [2010/04/07 10:38:18 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\strres.eng
MOD - [2010/04/07 10:38:10 | 000,551,600 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\gres.dll
MOD - [2010/04/07 10:38:06 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\fsavures.eng
MOD - [2010/04/07 10:38:02 | 000,088,752 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\aboutres.dll
MOD - [2010/04/07 10:38:00 | 000,441,008 | ---- | M] () -- C:\Program Files (x86)\Frontier\Security\FSGUI\about.dll
MOD - [2009/07/13 01:35:58 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/09/17 15:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/08/21 12:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/16 13:02:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 06:39:48 | 001,302,072 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/05/03 06:39:48 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/23 16:12:13 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/07 10:40:20 | 000,187,056 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2010/04/07 10:38:46 | 000,844,464 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2010/04/07 10:37:50 | 000,219,824 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/10 22:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/09 12:27:01 | 000,055,960 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/16 09:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/02 10:22:47 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/07 10:38:38 | 000,092,240 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2010/03/31 03:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/08/27 11:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/31 00:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 20:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/24 18:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 20:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2012/05/29 12:23:59 | 000,199,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011/08/17 17:01:20 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2010/04/07 10:40:00 | 000,058,000 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2010/04/07 10:37:50 | 000,014,904 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5587CF5C-BEC8-4829-9343-E77335EB26ED}
IE:64bit: - HKLM\..\SearchScopes\{5587CF5C-BEC8-4829-9343-E77335EB26ED}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {E0F4B07D-749E-401D-A571-67F336F6FEDC}
IE - HKLM\..\SearchScopes\{E0F4B07D-749E-401D-A571-67F336F6FEDC}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\..\SearchScopes,DefaultScope = {E0F4B07D-749E-401D-A571-67F336F6FEDC}
IE - HKCU\..\SearchScopes\{E0F4B07D-749E-401D-A571-67F336F6FEDC}: "URL" = http://www.google.co...1I7TSNA_enUS370
IE - HKCU\..\SearchScopes\{F4A054AB-EE8F-45FE-9405-9A9D94D2B0D9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0.111
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 18:44:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/17 18:44:34 | 000,000,000 | ---D | M]

[2010/03/08 20:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/05/01 18:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bx0rvagm.default\extensions
[2012/06/05 15:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/16 13:02:42 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/06 16:26:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Frontier\Security\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E317409-3DFB-40C7-BC90-2A0077847BAB}: DhcpNameServer = 192.168.254.254 192.168.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 18:51:08 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/06/17 18:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/17 18:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/06/17 18:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/17 18:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/12 18:28:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2012/06/08 16:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/06/05 15:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/05/25 19:36:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Secunia PSI (BETA)
[2012/05/25 19:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/17 18:51:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/06/17 18:33:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/17 15:04:35 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 15:04:35 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 15:01:19 | 000,742,282 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/17 15:01:19 | 000,634,700 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/17 15:01:19 | 000,111,604 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/17 14:57:38 | 000,000,562 | ---- | M] () -- C:\windows\tasks\Scheduled scanning task.job
[2012/06/17 14:56:57 | 3092,942,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 18:09:18 | 000,343,608 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/08 16:47:49 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/05 15:52:17 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/05 15:48:16 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/05 15:43:47 | 000,001,984 | ---- | M] () -- C:\Users\Owner\Desktop\Update Checker.lnk
[2012/05/25 13:15:18 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/08 16:47:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/08 16:47:49 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/05 15:43:47 | 000,001,984 | ---- | C] () -- C:\Users\Owner\Desktop\Update Checker.lnk
[2012/05/25 19:36:34 | 000,001,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/05/02 09:53:36 | 000,042,672 | ---- | C] () -- C:\windows\SysWow64\drivers\fsbts.sys
[2011/05/02 09:52:23 | 000,756,634 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/09 15:35:59 | 000,000,007 | ---- | C] () -- C:\windows\SysWow64\mkghj.dll
[2010/09/04 13:05:25 | 000,000,058 | ---- | C] () -- C:\windows\wininit.ini

========== LOP Check ==========

[2011/04/27 18:49:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio
[2010/08/06 13:18:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2010/02/27 07:24:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2012/06/16 13:01:18 | 000,032,568 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/06/17 14:57:38 | 000,000,562 | ---- | M] () -- C:\windows\Tasks\Scheduled scanning task.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

Advertisements

#2
Jintan
Posted 22 June 2012 - 06:19 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello bettei,

No malware showing here, but I do notice you are using an ISP provided security software, here Frontier's version of F-Secure. Although F-Secure might be a known security program, a real big problem is that ISP-provided security softwares tend to be bottom-of-the-barrel stuff - whatever they can get for the cheapest price. So tend to be some of the worst, problematic security software available.

Just to check that, right off see if you can access Safe Mode, where the security software is less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

Then see if the same problems continue, even in Safe Mode.
  • 0

#3
bettei
Posted 23 June 2012 - 06:36 PM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
I didn't notice anything happening in safe mode, but I was just playing games on Facebook, and suddenly a window popped up that said something about "microsoft has detected 3 very harmful viruses, follow these steps to remove them" But I noticed the address bar had some weird name in it, I am sure it was not legitimate. So there must be something going on with this computer. I also get "Firefox had prevented page from being redirected" a lot.

I might add that I also have a desktop computer with the same Fsecure antivirus program and Gammo had me run Combofix on that to fix it very recently. This one seems to have the same problems, but i did not want to run Combofix without instructions for this laptop.

Edited by bettei, 23 June 2012 - 07:21 PM.

  • 0

#4
Jintan
Posted 24 June 2012 - 04:45 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Let's look in more detail first.

The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

  • 0

#5
bettei
Posted 24 June 2012 - 05:20 PM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
When I attempted to uncheck "hide protected operating system files (recommended) I got a warning message that doing that might make my computer unoperable. Should I do it anyway?

And since I posted yesterday, I upgraded to the paid subscription to FSecure, hoping that would be a better program. I ran a scan after upgrading, but it is not getting this problem, because it said the scans are clear. But I am still getting the redirects.

Edited by bettei, 24 June 2012 - 05:23 PM.

  • 0

#6
Jintan
Posted 24 June 2012 - 05:35 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Yes, you are okay to unhide those. Kinda questionable why files were hidden in the first place, actually.
  • 0

#7
bettei
Posted 25 June 2012 - 11:01 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
Had a little trouble, I ran the first scan and saved it to my desktop. However when I opened it, it was just a blank. I did notice the report said "no changes to the registry", itf that helps.
Then I ran the avast cleaning tool, I hope I can post it right. BTW, will I have to remove anything from Avast when I am all done so it wont interfere with my Fsecure? Or was that just a temp file I ran from Avast?

I have the Avast scan saved to my desktop, but for some reason cant get it posted here. I browsed my destop, found the report, clicked open, then attach file, then I hit reply. Nothing happens, sorry..

Attached Files


Edited by bettei, 25 June 2012 - 11:04 AM.

  • 0

#8
bettei
Posted 25 June 2012 - 11:05 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
finally got it there!
  • 0

#9
Jintan
Posted 25 June 2012 - 05:33 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
May be F-Secure involved in the posting here issue, but not seeing anything malicious in aswMBR, and as you mention, Gmer found no modifications:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-25 11:37:49
-----------------------------
11:37:49.511 OS Version: Windows x64 6.1.7601 Service Pack 1
11:37:49.511 Number of processors: 2 586 0x170A
11:37:49.511 ComputerName: OWNER-PC UserName: Owner
11:37:51.274 Initialize success
11:45:09.728 AVAST engine defs: 12062500
11:45:57.839 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:45:57.839 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
11:45:57.854 Disk 0 MBR read successfully
11:45:57.870 Disk 0 MBR scan
11:45:57.870 Disk 0 Windows VISTA default MBR code
11:45:57.886 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:45:57.901 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294543 MB offset 3074048
11:45:57.995 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9201 MB offset 606298112
11:45:58.026 Disk 0 scanning C:\windows\system32\drivers
11:46:09.055 Service scanning
11:46:32.128 Modules scanning
11:46:32.128 Disk 0 trace - called modules:
11:46:32.174 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:46:32.689 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057a0060]
11:46:32.689 3 CLASSPNP.SYS[fffff880017bb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800472e050]
11:46:34.780 AVAST engine scan C:\windows
11:46:40.052 AVAST engine scan C:\windows\system32
11:49:37.612 AVAST engine scan C:\windows\system32\drivers
11:49:50.669 AVAST engine scan C:\Users\Owner
11:51:35.314 AVAST engine scan C:\ProgramData
11:51:54.736 Scan finished successfully
11:54:20.737 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
11:54:20.737 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

-----------

I didn't notice anything happening in safe mode, but I was just playing games on Facebook, and suddenly a window popped up that said something about "microsoft has detected 3 very harmful viruses, follow these steps to remove them" But I noticed the address bar had some weird name in it, I am sure it was not legitimate. So there must be something going on with this computer. I also get "Firefox had prevented page from being redirected" a lot.


Facebook is one of the most likely websites to run into a malware-hacked page, which right now sounds like what occurred. The malware code loads into your Internet Explorer temp files, so if you shut down your browser at that time, or other corrective action, that ends the scam infection display. Scan now and see if anything gets picked up.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download the latest version of Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.61.0.1400.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
  • 0

#10
bettei
Posted 25 June 2012 - 07:35 PM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
I always have had the Malware program on my computer and would run it once in a while. However, when I did the update with Fsecure, it removed Malwarebytes. I am not sure if it will allow me to run that program or not. Should I just run Fsecure scan and then follow the rest of your instructions?
  • 0

Advertisements

#11
bettei
Posted 26 June 2012 - 11:50 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
I've tried the Eset scan, and it said that Windows defender might interfere with the process. But in settings it looks like it is turned off. So I am running the scan anyway.

And last night when I turned off the laptop, there flashed a blank page, and there was an icon in each lower corner of the computer screen that almost looked like the Microsoft windows icon, except they were round. One said to click on it if I wanted to shut down the computer. There was no other way to X out and exit the page, so I just held the ON key down until the computer shut off. I don't understand all this, none of the reports are showing anything, yet I see these weird things appear on the computer.

Does this sound like anything you have encountered before? And I ran the last esets scan, and it did not show anything. So now I don't know how to proceed.

Edited by bettei, 26 June 2012 - 02:17 PM.

  • 0

#12
Jintan
Posted 26 June 2012 - 06:47 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I admit I have never seen those odd corner icons for a shutdown before. I would like you to run Malwarebytes, but since odd issues are occurring, and I kinda sense you hope to run this instead:

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt. Let's see what it picks up.
  • 0

#13
bettei
Posted 27 June 2012 - 07:43 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
ComboFix 12-06-26.02 - Owner 06/27/2012 8:12.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2719 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Max Security 9.13 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Max Security 9.13 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Max Security 9.13 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 13:22 . 2012-06-27 13:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 12:40 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3875E69-DD52-4997-A75A-EB7D42AEB43A}\mpengine.dll
2012-06-25 18:07 . 2012-06-25 18:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 18:07 . 2012-06-25 18:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 20:37 . 2012-06-24 20:37 -------- d-----w- c:\programdata\SimpleHelp
2012-06-24 16:03 . 2012-06-24 16:03 -------- d-----w- c:\users\Owner\AppData\Roaming\f-secure
2012-06-21 19:42 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 19:42 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 19:42 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 19:42 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 19:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 19:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 19:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 19:41 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 19:41 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 23:36 . 2012-06-17 23:36 -------- d-----w- c:\program files\Java
2012-06-14 20:37 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 20:37 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 20:37 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 20:36 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 20:36 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 20:36 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 20:36 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 20:35 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 20:35 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 20:35 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 20:35 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 20:35 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 20:35 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 20:35 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 20:35 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 20:35 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 20:35 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 23:28 . 2012-06-12 23:28 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2012-06-08 21:47 . 2012-06-08 21:47 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-08 21:10 . 2012-06-17 23:36 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-08 21:10 . 2012-06-17 23:36 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 20:52 . 2012-06-01 15:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-05 20:52 . 2012-06-01 15:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-05 20:43 . 2012-06-05 20:43 -------- d-----w- c:\program files (x86)\FileHippo.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 16:54 . 2011-05-02 14:52 94304 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2012-06-24 16:53 . 2011-05-02 14:52 50384 ----a-w- c:\windows\system32\drivers\fses.sys
2012-06-24 15:42 . 2011-05-02 14:53 33408 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2012-05-09 17:27 . 2012-05-09 17:27 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-30 11:35 . 2012-05-11 01:09 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-04-27 1317]
"F-Secure Manager"="c:\program files (x86)\Frontier\Security\Common\FSM32.EXE" [2010-04-07 199344]
"F-Secure TNB"="c:\program files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" [2010-04-07 1653424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-06-24 50384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2011-05-23 61088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-05-03 1302072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1255736]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\Frontier\Security\Anti-Virus\Win2K\FSfilter.sys [2010-04-07 39856]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\Frontier\Security\Anti-Virus\Win2K\FSrec.sys [2010-04-07 25264]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-05-09 55960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2010-04-07 58000]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-06-24 94304]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2010-04-07 14904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-05-03 681016]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2012-06-24 199848]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 450048]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~2\Frontier\Security\ANTI-V~1\fsav.exe [2011-05-02 15:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 709976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bx0rvagm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-27 08:38:58
ComboFix-quarantined-files.txt 2012-06-27 13:38
.
Pre-Run: 263,374,995,456 bytes free
Post-Run: 263,636,692,992 bytes free
.
- - End Of File - - 4035C3833ACCD4D0A299DACFA9C7B8A5
  • 0

#14
Jintan
Posted 27 June 2012 - 05:58 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Accidentally removed some legit Toshiba items we will need to put back. Let's do that, then go ahead with the Malwarebytes and Eset scan steps please. If F-Secure suggests malwarebytes needs to be removed, I would suggest F-Secure is what needs to be removed.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\programdata\xp
C:\Qoobox\Quarantine\C\programdata\xp\EBLib.dll
C:\Qoobox\Quarantine\C\programdata\xp\TPwSav.sys
QUIT::
Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will run a brief limited scan, after which a log will pop up (also located at C:\DeQuarantine.txt). Post that back here please.

------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\\program files (x86)\\Synaptics\\SynTP\\SynTPEnh.exe""
"TPwrMain"="c:\\program files (x86)\\TOSHIBA\\Power Saver\\TPwrMain.EXE"
"SmoothView"="c:\\program files (x86)\\Toshiba\\SmoothView\\SmoothView.exe"
"00TCrdMain"="c:\\program files (x86)\\TOSHIBA\FlashCards\\TCrdMain.exe"
"TosNC"="c:\\program files (x86)\\Toshiba\\BulletinBoard\\TosNcCore.exe"
"TosReelTimeMonitor"="c:\\program files (x86)\\TOSHIBA\\ReelTime\\TosReelTimeMonitor.exe"
Go to Start Search, type notepad.exe in the Start Search box. Notepad.exe will appear at the top of the Menu. Rightclick on it and choose "Run as administrator"., and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

Reboot after.

-------------

Then do the Malwarebytes and Eset scans please.
  • 0

#15
bettei
Posted 27 June 2012 - 06:37 PM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
Not at all sure that I did this ok. After running the dequarantine, I could not go back online with either Firefox or IE, it said it could not find the page, so I had to restart the computer. I hope this is what you wanted,
Attached File  DeQuarantine.txt   180bytes   105 downloads
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP