Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Done all updates, Flash player stops working

Started by bettei , Jun 17 2012 06:06 PM

  • Please log in to reply

#31
Jintan
Posted 06 July 2012 - 05:39 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Need to post those logs here though.

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5587CF5C-BEC8-4829-9343-E77335EB26ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5587CF5C-BEC8-4829-9343-E77335EB26ED}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E0F4B07D-749E-401D-A571-67F336F6FEDC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0F4B07D-749E-401D-A571-67F336F6FEDC}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E0F4B07D-749E-401D-A571-67F336F6FEDC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0F4B07D-749E-401D-A571-67F336F6FEDC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F4A054AB-EE8F-45FE-9405-9A9D94D2B0D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4A054AB-EE8F-45FE-9405-9A9D94D2B0D9}\ not found.

OTL by OldTimer - Version 3.2.53.1 log created on 07062012_074704


Go ahead and reboot, and check if the problems have been eliminated please.
  • 0

Advertisements

#32
bettei
Posted 06 July 2012 - 06:30 PM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
I am not understanding. I didn't post the OTL log correctly? I am supposed to run something else? I am not sure which logs I didn't post already.

Edited by bettei, 06 July 2012 - 06:48 PM.

  • 0

#33
Jintan
Posted 06 July 2012 - 06:59 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
You just attached it, instead of posting the log itself here in your reply. But all okay - for now just reboot, and check on those search problems you have been having please.
  • 0

#34
bettei
Posted 06 July 2012 - 07:30 PM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
I have not been online very long since rebooting, and so far have had no redirects. The flash player still fails, the pop up warning I get "the flash player 11.3.r 300 has stopped working, windows is checking for a solution". But there is a really small icon in that pop up that does not look like a real Adobe icon. Is it possible that this is not a legitimate flash player? I have uninstalled the flash player, and thought I installed a different newer version. But when it crashes, it goes right back to the pop up warning I typed above, right back to the 11.3.r 300. So it makes me wonder if it is a problem itself.

I will be on vacation for the next two weeks, and not sure if I will be online. If I get a chance, I will check back here to see your answers. Thanks a lot!
  • 0

#35
Jintan
Posted 07 July 2012 - 06:23 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Every install of Flash Player seems to add a new small popup twist to it, but it can also get corrupted.

Go here and download and run the Flash Player Uninstaller. Reboot, then go here and download and install the latest version. Be sure to uncheck that useless McAfee scan install. Reboot, then check if that corrected things please.
  • 0

#36
bettei
Posted 21 July 2012 - 05:50 PM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
I just returned home and have done the uninstall/reinstall of the flash player. After going to Facebook and playing some games, the player failed again. So I don't know if there is still something wrong with my computer or not. Pages are still loading slow too I think.

And I wondered if I should remove combofix and all the other programs I ran? It does not appear in my add/remove program list, so I don't know how to do this.
Thanks

Edited by bettei, 25 July 2012 - 03:25 PM.

  • 0

#37
Jintan
Posted 25 July 2012 - 04:51 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Rightclick on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

cd\

notepad C:\WINDOWS\SysWOW64\Macromed\Flash\mms.cfg

Notepad should open that file, and you should see:

AutoUpdateDisable=0
SilentAutoUpdateEnable=0

Click Enter to move to the the next line, and copy/paste this:

ProtectedMode=0

So then you should have this:

AutoUpdateDisable=0
SilentAutoUpdateEnable=0
ProtectedMode=0

In Notepad go to File - Save, then X close the file. Type exit and press Enter to close the command window.

Reboot, and check Flash Player for problems again please.
  • 0

#38
bettei
Posted 26 July 2012 - 10:21 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
When I did the first step, cd\, I got a black box with a blinking cursor C:\>, at the top of it is an icon C:\ and then it says C:\windows\systems32\cmd.exe. Is this the right thing I am supposed to copy and paste in? Because I am not able to right click anywhere and "run as an administrator". Where exactly do I click to get this command? Right clicking only gives me a small box that says move, properties, etc. I am sorry I am stuck on something that should be so simple.

I went through the process without running as an administrator and got your instructions as far as telling me I could store the file in my documents without running as administrator. So now I don't know what to do.
  • 0

#39
Jintan
Posted 26 July 2012 - 05:12 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
You'll likely need to read through my steps again.

When you type cmd in the Start Search area, cmd.exe shows at the top of that menu. That is what you right click to Run as administrator.
  • 0

#40
bettei
Posted 26 July 2012 - 05:56 PM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
I believe I was able to finally run as administrator, and followed your instructions. I got the last line to read protectedmode=0. I saved the file, x to close. But did not see where you could type exit and then enter to close command window. If the command window is just closed with the x in the corner instead of typing "exit", will I have saved it correctly, or have to do it all over again? Again, sorry for my lack of skills.
  • 0

Advertisements

#41
Jintan
Posted 26 July 2012 - 06:05 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
If the command window is open, and shows a blinking cursor, you just type exit, then press Enter. But go ahead and reboot, and let's see if those changes helped.
  • 0

#42
bettei
Posted 26 July 2012 - 07:29 PM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
I did reboot, but it might be a day or so before I see if the flash player fails. Sometimes it works for quite a while before I encounter problems, but I will post if I do.

Curiously, every time I log on to your website, I get the "Firefox has prevented the page from being redirected". It doesn't happen when I go to all websites, just a few of them. Is this normal?
Thanks.
  • 0

#43
Jintan
Posted 26 July 2012 - 08:31 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I sense some setting or add-on in Firefox is blocking a legit page change, if it occurs when you enter your name and password, or some other normal forum function.


Download DDS by sUBs from the following link. Save it to your desktop.

DDS.scr

Then click that to run the scan. A window will open while the scan runs, and when it completes two logs will open in Notepad - DDS.txt and Attach.txt. An additional message box will open that you can just X close.

Save those two log files to your desktop (go to File - Save As and browse to your desktop to save each), then post both of them back here please.
  • 0

#44
bettei
Posted 27 July 2012 - 07:36 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
I am never sure if I am posting these correctly or not. One file said it was zipped, so I don't know if I am posting it right or not.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Owner at 8:32:28 on 2012-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2694 [GMT -5:00]
.
AV: Max Security 9.13 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Max Security 9.13 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Max Security 9.13 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE
C:\Program Files (x86)\Frontier\Security\Anti-Virus\FSGK32.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Frontier\Security\Anti-Virus\fssm32.exe
C:\windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Frontier\Security\Common\FSLAUNCHER0.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL =
mDefault_Page_URL =
mStart Page =
mLocal Page =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
mRun: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{6E317409-3DFB-40C7-BC90-2A0077847BAB} : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{6E317409-3DFB-40C7-BC90-2A0077847BAB}\D616C6C616274637 : DhcpNameServer = 192.168.254.254 192.168.254.254
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
BHO-X64: LitmusBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB-X64: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bx0rvagm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2011-5-2 33408]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2011-5-2 58000]
R1 FSFW;F-Secure Firewall Driver;C:\windows\system32\drivers\fsdfw.sys --> C:\windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2011-5-2 14904]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe [2011-5-2 219824]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-5-3 681016]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2011-5-2 199848]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8187B.sys --> C:\windows\system32\DRIVERS\RTL8187B.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-2-21 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]
S1 FSES;F-Secure Email Scanning Driver;C:\windows\system32\drivers\fses.sys --> C:\windows\system32\drivers\fses.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2011-5-2 61088]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-5-3 1302072]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\Frontier\Security\Anti-Virus\win2k\fsfilter.sys [2012-6-24 39856]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\Frontier\Security\Anti-Virus\win2k\fsrec.sys [2012-6-24 25264]
.
=============== Created Last 30 ================
.
2012-07-27 13:31:23 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27B9C4EE-6F3D-415E-ACBB-8F93ACF0FBB1}\mpengine.dll
2012-07-25 16:23:03 -------- d-----w- C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
2012-07-24 20:24:55 -------- d-s---w- C:\ComboFix
2012-07-22 00:29:13 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-22 00:29:13 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 17:42:21 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-21 17:32:54 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-21 17:32:54 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-07-21 17:32:53 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2012-07-21 17:32:53 2048 ----a-w- C:\windows\System32\msxml3r.dll
2012-07-21 17:32:53 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-07-21 17:32:53 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-07-06 12:47:04 -------- d-----w- C:\_OTL
2012-06-28 01:06:09 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-28 01:06:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-28 00:26:55 -------- d-----w- C:\ProgramData\xp
2012-06-27 19:52:16 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2012-06-24 16:54:06 94304 ----a-w- C:\windows\System32\drivers\fsdfw.sys
2012-06-24 16:53:40 50384 ----a-w- C:\windows\System32\drivers\fses.sys
2012-06-24 15:42:36 33408 ----a-w- C:\windows\SysWow64\drivers\fsbts.sys
2012-06-17 23:36:40 955840 ----a-w- C:\windows\System32\npDeployJava1.dll
2012-06-17 23:36:40 839096 ----a-w- C:\windows\System32\deployJava1.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-09 17:27:01 55960 ----a-w- C:\windows\System32\drivers\fsbts.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
.
============= FINISH: 8:33:12.83 ===============
  • 0

#45
bettei
Posted 27 July 2012 - 07:38 AM

bettei

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 340 posts
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Owner at 8:32:28 on 2012-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2694 [GMT -5:00]
.
AV: Max Security 9.13 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Max Security 9.13 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Max Security 9.13 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Frontier\Security\Common\FSMA32.EXE
C:\Program Files (x86)\Frontier\Security\Anti-Virus\FSGK32.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Frontier\Security\Anti-Virus\fssm32.exe
C:\windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Frontier\Security\Common\FSLAUNCHER0.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL =
mDefault_Page_URL =
mStart Page =
mLocal Page =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
mRun: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Frontier\Security\FSPS\program\FSLSP.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{6E317409-3DFB-40C7-BC90-2A0077847BAB} : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{6E317409-3DFB-40C7-BC90-2A0077847BAB}\D616C6C616274637 : DhcpNameServer = 192.168.254.254 192.168.254.254
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
BHO-X64: LitmusBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Frontier\Security\NRS\iescript\baselitmus.dll
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB-X64: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Frontier\Security\Common\FSM32.EXE" /splash
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bx0rvagm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2011-5-2 33408]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Frontier\Security\HIPS\drivers\fshs.sys [2011-5-2 58000]
R1 FSFW;F-Secure Firewall Driver;C:\windows\system32\drivers\fsdfw.sys --> C:\windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsvista.sys [2011-5-2 14904]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Frontier\Security\Anti-Virus\fsgk32st.exe [2011-5-2 219824]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-5-3 681016]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [2011-5-2 199848]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8187B.sys --> C:\windows\system32\DRIVERS\RTL8187B.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-2-21 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]
S1 FSES;F-Secure Email Scanning Driver;C:\windows\system32\drivers\fses.sys --> C:\windows\system32\drivers\fses.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Frontier\Security\ORSP Client\fsorsp.exe [2011-5-2 61088]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-5-3 1302072]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\Frontier\Security\Anti-Virus\win2k\fsfilter.sys [2012-6-24 39856]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\Frontier\Security\Anti-Virus\win2k\fsrec.sys [2012-6-24 25264]
.
=============== Created Last 30 ================
.
2012-07-27 13:31:23 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27B9C4EE-6F3D-415E-ACBB-8F93ACF0FBB1}\mpengine.dll
2012-07-25 16:23:03 -------- d-----w- C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
2012-07-24 20:24:55 -------- d-s---w- C:\ComboFix
2012-07-22 00:29:13 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-22 00:29:13 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 17:42:21 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-21 17:32:54 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-21 17:32:54 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-07-21 17:32:53 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2012-07-21 17:32:53 2048 ----a-w- C:\windows\System32\msxml3r.dll
2012-07-21 17:32:53 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-07-21 17:32:53 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-07-06 12:47:04 -------- d-----w- C:\_OTL
2012-06-28 01:06:09 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-28 01:06:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-28 00:26:55 -------- d-----w- C:\ProgramData\xp
2012-06-27 19:52:16 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2012-06-24 16:54:06 94304 ----a-w- C:\windows\System32\drivers\fsdfw.sys
2012-06-24 16:53:40 50384 ----a-w- C:\windows\System32\drivers\fses.sys
2012-06-24 15:42:36 33408 ----a-w- C:\windows\SysWow64\drivers\fsbts.sys
2012-06-17 23:36:40 955840 ----a-w- C:\windows\System32\npDeployJava1.dll
2012-06-17 23:36:40 839096 ----a-w- C:\windows\System32\deployJava1.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-09 17:27:01 55960 ----a-w- C:\windows\System32\drivers\fsbts.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
.
============= FINISH: 8:33:12.83 ===============
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP