Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Corrupt File Alert by Firewall; File has Bogus Date [Solved]


  • This topic is locked This topic is locked

#16
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi, I can't seem to upload the file and when I try the basic uploader it sends me to my settings, I am stuck in a vicious cycle and going nowhere, am using IE, though I usually use FF but I have so many add ons and things blocked I forgot how to unblock them to let attachments work. So I got IE up and tried attaching the file where it says to browse and get the file. I have little patience for this tech stuff, that's why I'll never be a geek, tried to learn but it didn't work out. :( :oops:

Edited by blueblue, 21 July 2012 - 02:25 PM.

  • 0

Advertisements


#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When the post is open
Click on browse
Locate the OTL log
then select attach file
[attachment=59108:Capture.GIF]
  • 0

#18
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi, that's what I did, but I was in a sandbox, now I'm not so I'll try it again but I can't see anything that says "attach this files", though I looked EVERYWHERE on the page. I can't find it anywhere I don't know why. Let me try posting the log again I don't know why it didn't display properly. I am very upset with this and am ready to just reinstall windows or something.

Edited by blueblue, 21 July 2012 - 05:27 PM.

  • 0

#19
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Here's the log, I unchecked the word wrap setting so it will allign properly.OTL logfile created on: 7/21/2012 2:13:42 PM - Run 2OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rainbow\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 8.0.7601.17514)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1013.10 Mb Total Physical Memory | 94.13 Mb Available Physical Memory | 9.29% Memory free1.99 Gb Paging File | 0.57 Gb Available in Paging File | 28.48% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 136.95 Gb Total Space | 45.91 Gb Free Space | 33.52% Space Free | Partition Type: NTFS Computer Name: AMEE-PC | User Name: Sunny | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/19 19:22:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rainbow\Desktop\OTL.exePRC - [2012/07/07 10:43:26 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2012/05/29 10:23:30 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exePRC - [2012/05/29 10:23:29 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exePRC - [2012/05/10 19:33:58 | 003,065,120 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exePRC - [2012/04/04 14:56:26 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exePRC - [2012/03/22 06:14:18 | 000,024,336 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieRpcSs.exePRC - [2012/03/22 06:14:18 | 000,018,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieDcomLaunch.exePRC - [2012/03/22 06:14:16 | 000,452,880 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exePRC - [2012/03/22 06:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exePRC - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exePRC - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exePRC - [2011/11/01 12:33:56 | 002,531,104 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exePRC - [2011/11/01 12:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exePRC - [2011/11/01 12:33:52 | 001,163,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exePRC - [2011/11/01 12:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exePRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exePRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exePRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exePRC - [2011/01/10 10:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exePRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exePRC - [2009/10/07 03:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exePRC - [2009/09/30 18:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exePRC - [2009/09/30 18:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exePRC - [2009/09/30 18:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exePRC - [2009/09/23 17:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exePRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GregHSRW.exePRC - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exePRC - [2009/08/05 11:59:26 | 000,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exePRC - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXEPRC - [2009/08/05 11:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSM32.EXEPRC - [2009/08/05 11:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXEPRC - [2009/08/05 11:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exePRC - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exePRC - [2009/07/13 21:14:23 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exePRC - [2009/07/10 06:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exePRC - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exePRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exePRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exePRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ========== Modules (No Company Name) ========== MOD - [2012/07/07 10:43:24 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dllMOD - [2009/08/05 11:59:02 | 000,001,536 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSPC\fspcfsm.engMOD - [2009/08/05 11:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fshook32.dllMOD - [2009/08/05 11:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\strres.engMOD - [2009/08/05 11:56:56 | 000,920,160 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\gres.dllMOD - [2009/08/05 11:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\flyerres.engMOD - [2009/08/05 11:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\fsavures.engMOD - [2009/08/05 11:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\about.dllMOD - [2009/08/05 11:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\aboutres.dll ========== Win32 Services (SafeList) ========== SRV - [2012/07/07 10:43:25 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2012/05/10 19:33:58 | 003,065,120 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)SRV - [2012/03/22 06:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)SRV - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)SRV - [2011/11/01 12:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)SRV - [2011/11/01 12:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)SRV - [2010/07/31 22:42:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)SRV - [2009/09/30 18:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service)SRV - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)SRV - [2009/08/05 11:59:26 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient)SRV - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA)SRV - [2009/08/05 11:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe -- (FSDFWD)SRV - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2009/07/13 21:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)SRV - [2009/07/13 21:15:33 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)SRV - [2009/07/10 06:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)SRV - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®SRV - [2007/03/07 09:51:52 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\LxrSII1s.exe -- (LxrSII1s) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Sunny\AppData\Local\Temp\catchme.sys -- (catchme)DRV - [2012/05/29 10:24:25 | 000,149,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)DRV - [2012/05/09 10:39:00 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)DRV - [2012/03/22 06:14:14 | 000,134,416 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)DRV - [2012/02/29 22:04:34 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\21887434.sys -- (21887434)DRV - [2011/12/14 20:41:38 | 000,173,880 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)DRV - [2011/11/02 11:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)DRV - [2011/11/01 12:34:28 | 000,040,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)DRV - [2011/11/01 12:34:08 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)DRV - [2011/11/01 12:34:08 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)DRV - [2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)DRV - [2009/11/23 03:30:06 | 000,103,296 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)DRV - [2009/11/06 00:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)DRV - [2009/09/04 01:37:44 | 000,054,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)DRV - [2009/08/07 06:18:28 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)DRV - [2009/08/05 11:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys -- (F-Secure HIPS)DRV - [2009/08/05 11:57:20 | 000,071,040 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)DRV - [2009/08/05 11:57:12 | 000,035,680 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)DRV - [2009/08/05 11:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)DRV - [2009/08/05 11:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)DRV - [2009/08/05 11:56:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys -- (fsvista)DRV - [2009/06/02 07:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)DRV - [2009/06/02 07:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)DRV - [2009/06/02 07:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...}&rlz=1I7ACAWIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-861964490-322295869-921149580-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://support.microsoft.com/IE - HKU\S-1-5-21-861964490-322295869-921149580-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}IE - HKU\S-1-5-21-861964490-322295869-921149580-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...x&FORM=IE8SRCIE - HKU\S-1-5-21-861964490-322295869-921149580-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...lz=1I7ACAW_enIE - HKU\S-1-5-21-861964490-322295869-921149580-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&sourceid=ie7IE - HKU\S-1-5-21-861964490-322295869-921149580-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-861964490-322295869-921149580-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...ww75w64k2r951IE - HKU\S-1-5-21-861964490-322295869-921149580-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...ww75w64k2r951IE - HKU\S-1-5-21-861964490-322295869-921149580-1002\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}IE - HKU\S-1-5-21-861964490-322295869-921149580-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...x&FORM=IE8SRCIE - HKU\S-1-5-21-861964490-322295869-921149580-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ixquick"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "https://www.duckduckgo.com/"FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not foundFF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Charter Security Suite\NRS\litmus-ff@f-secure.com [2012/07/13 09:16:21 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/04/11 21:38:46 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/07 10:43:27 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/15 19:09:16 | 000,000,000 | ---D | M] [2010/06/08 15:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\Mozilla\Extensions[2012/07/11 19:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\6q78mrjr.default\extensions[2012/07/11 19:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\6q78mrjr.default\extensions\staged[2010/10/28 19:14:27 | 000,002,484 | ---- | M] () -- C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\6q78mrjr.default\searchplugins\ixquick.xml[2012/02/20 19:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2012/07/13 09:16:21 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES\CHARTER SECURITY SUITE\NRS\LITMUS-FF@F-SECURE.COM[2012/06/07 13:35:58 | 000,525,079 | ---- | M] () (No name found) -- C:\USERS\SUNNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6Q78MRJR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI[2012/01/31 21:33:43 | 000,292,116 | ---- | M] () (No name found) -- C:\USERS\SUNNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6Q78MRJR.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI[2012/01/27 13:23:30 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SUNNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6Q78MRJR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI[2012/07/07 10:43:27 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll[2012/02/18 11:16:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll[2012/05/01 23:39:31 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml[2012/02/20 19:21:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml[2012/05/01 23:39:30 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml[2012/05/01 23:39:30 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml[2012/05/01 23:39:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml[2012/05/01 23:39:30 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2012/07/21 12:39:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not foundO2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not foundO3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)O4 - HKLM..\Run: [combofix] C:\ComboFix\CF29268.3XE (Microsoft Corporation)O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)O4 - HKU\.DEFAULT..\Run: [DelayShred] c:\progra~1\mcafee\mshr\ShrCL.EXE /P1 /q C:\Users\Rainbow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RU244TTM\SYNCME~1.SH! File not foundO4 - HKU\S-1-5-18..\Run: [DelayShred] c:\progra~1\mcafee\mshr\ShrCL.EXE /P1 /q C:\Users\Rainbow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RU244TTM\SYNCME~1.SH! File not foundO4 - HKU\S-1-5-21-861964490-322295869-921149580-1001..\Run: [LxrAutorun] C:\Users\Sunny\AppData\Local\Lexar Media\LxrAutorun.exe File not foundO4 - HKU\S-1-5-21-861964490-322295869-921149580-1002..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)O4 - HKU\S-1-5-21-861964490-322295869-921149580-1002..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)O4 - HKU\S-1-5-21-861964490-322295869-921149580-1002..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not foundO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-861964490-322295869-921149580-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-861964490-322295869-921149580-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-861964490-322295869-921149580-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\Sandbox_Rainbow_DefaultBox\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64F9C95D-74A6-436A-A1C9-B7CAF40E3775}: DhcpNameServer = 192.168.23.10 8.8.8.8 141.219.60.30O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD612608-98F2-447D-8306-503349FBF900}: DhcpNameServer = 192.168.1.1O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not foundNetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)NetSvcs: Nla - File not foundNetSvcs: Ntmssvc - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: SRService - File not foundNetSvcs: WmdmPmSp - File not foundNetSvcs: LogonHours - File not foundNetSvcs: PCAudit - File not foundNetSvcs: helpsvc - File not foundNetSvcs: uploadmgr - File not found CREATERESTOREPOINTRestore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/07/21 12:48:32 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV[2012/07/21 12:39:08 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/07/21 12:39:08 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\temp[2012/07/21 12:17:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/07/21 12:17:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/07/21 12:17:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/07/21 12:17:02 | 000,000,000 | --SD | C] -- C:\ComboFix[2012/07/21 12:16:50 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/07/21 12:16:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2012/07/21 12:13:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/07/21 12:03:59 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Sunny\Desktop\ComboFix.exe[2012/07/20 18:37:50 | 000,000,000 | ---D | C] -- C:\_OTL[2012/06/25 23:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software[2010/06/26 18:02:22 | 000,083,248 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS Master.exe[2010/06/20 13:10:54 | 001,009,152 | ---- | C] (NewSoft, Inc.) -- C:\Program Files\PRESTOPM.EXE ========== Files - Modified Within 30 Days ========== [2012/07/21 12:53:57 | 000,015,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/07/21 12:53:57 | 000,015,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/07/21 12:47:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/07/21 12:47:52 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys[2012/07/21 12:39:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts[2012/07/21 11:58:59 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Sunny\Desktop\ComboFix.exe[2012/07/20 16:33:53 | 000,704,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2012/07/20 16:33:52 | 000,136,404 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2012/07/20 14:10:38 | 000,007,860 | ---- | M] () -- C:\Windows\Sandboxie.ini[2012/07/11 20:19:45 | 000,359,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2012/06/25 23:31:59 | 000,029,438 | ---- | M] () -- C:\Users\Public\Documents\horizontal flowerline.rtf ========== Files Created - No Company Name ========== [2012/07/21 12:17:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/07/21 12:17:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/07/21 12:17:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/07/21 12:17:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/07/21 12:17:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/06/25 23:31:56 | 000,029,438 | ---- | C] () -- C:\Users\Public\Documents\horizontal flowerline.rtf[2012/04/01 15:43:54 | 000,007,860 | ---- | C] () -- C:\Windows\Sandboxie.ini[2012/03/24 01:12:06 | 000,709,968 | ---- | C] () -- C:\Windows\is-5CIN7.exe[2012/01/05 19:23:05 | 001,557,791 | ---- | C] () -- C:\Program Files\tdsskiller.zip[2012/01/05 18:53:04 | 000,000,025 | ---- | C] () -- C:\ProgramData\descript.ion[2011/12/21 18:45:46 | 000,040,296 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys[2011/12/21 18:45:45 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys[2011/03/21 17:01:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2011/01/18 04:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files\openofficeorg33.msi[2011/01/18 04:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files\openofficeorg1.cab[2011/01/18 04:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini[2010/12/08 20:38:54 | 000,000,268 | ---- | C] () -- C:\Windows\wininit.ini[2010/08/28 00:43:04 | 000,007,600 | ---- | C] () -- C:\Users\Sunny\AppData\Local\resmon.resmoncfg[2010/08/04 20:05:46 | 000,044,184 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys ========== LOP Check ========== [2010/06/06 19:16:01 | 000,000,000 | ---D | M] -- C:\Users\Amee\AppData\Roaming\Acer[2010/06/06 19:15:57 | 000,000,000 | ---D | M] -- C:\Users\Amee\AppData\Roaming\Leadertech[2011/12/22 17:23:07 | 000,000,000 | ---D | M] -- C:\Users\Amee\AppData\Roaming\OnlineArmor[2010/06/08 20:23:16 | 000,000,000 | ---D | M] -- C:\Users\Amee\AppData\Roaming\PeerNetworking[2010/06/07 00:11:28 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\Acer[2011/05/15 14:47:12 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\Amazon[2012/05/17 10:39:58 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\Auslogics[2010/09/03 17:44:27 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\F-Secure[2010/06/07 00:11:24 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\Leadertech[2012/02/17 22:28:57 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\OnlineArmor[2010/07/03 21:42:07 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\OpenOffice.org[2012/06/25 23:30:42 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\QFX Software[2010/06/14 10:16:55 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\Windows Live Writer[2012/06/05 09:56:44 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >[2010/05/17 12:52:44 | 364,503,280 | ---- | M] (Nero AG) -- C:\setupx.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:07BF512B< End of report >
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A question if I may are you using notepad as the text editor ?

Could you reboot to safe mode and then re-run combofix please

To get to safe mode :

Restart the computer
Press and hold F8
On the menu that appears select safe mode with networking
  • 0

#21
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hi, I had quite an adventure with this. When I got to Safe Mode, the log showed up, but when I went back to look for it I couldn't find it, so I just re-ran the program, then I got the idea to save it to the other desktop while it was still up, so I did and here it is.

To answer your question, yes I use notepad. By the way I still have part of SpyBot and can't figure how to get rid of it.

Here's the log from ComboFix:

ComboFix 12-07-21.01 - Sunny 07/22/2012 10:48:09.2.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1013.296 [GMT -4:00]
Running from: c:\users\Sunny\Desktop\ComboFix.exe
AV: Charter Security Suite 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Charter Security Suite 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: Charter Security Suite 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 15:02 . 2012-07-22 15:02 -------- d-----w- c:\users\test\AppData\Local\temp
2012-07-22 15:02 . 2012-07-22 15:02 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-07-22 15:02 . 2012-07-22 15:02 -------- d-----w- c:\users\Rainbow\AppData\Local\temp
2012-07-22 15:02 . 2012-07-22 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 15:02 . 2012-07-22 15:02 -------- d-----w- c:\users\Amee\AppData\Local\temp
2012-07-22 14:34 . 2012-07-22 14:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7E445B5-2507-444D-B2D1-15FF4547E5E4}\offreg.dll
2012-07-22 13:31 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7E445B5-2507-444D-B2D1-15FF4547E5E4}\mpengine.dll
2012-07-21 21:06 . 2012-07-21 21:06 -------- d-----w- c:\users\Sunny\AppData\Roaming\QFX Software
2012-07-21 16:39 . 2012-07-22 15:02 -------- d-----w- c:\users\Sunny\AppData\Local\temp
2012-07-20 22:37 . 2012-07-20 22:37 -------- d-----w- C:\_OTL
2012-07-12 00:10 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:39 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 17:39 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 17:39 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 17:39 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 17:39 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 17:39 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 17:38 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 17:38 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 17:38 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 17:38 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 17:38 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 17:38 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 17:38 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 17:38 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 17:38 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-01 17:11 . 2012-07-01 17:11 -------- d-----w- c:\users\Rainbow\AppData\Local\HP
2012-06-26 03:30 . 2012-06-26 03:30 -------- d-----w- c:\users\Rainbow\AppData\Roaming\QFX Software
2012-06-26 03:30 . 2012-06-26 03:30 -------- d-----w- c:\programdata\QFX Software
2012-06-25 02:37 . 2012-06-25 02:37 -------- d-----w- c:\users\DefaultAppPool
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-08 20:20 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 20:20 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 20:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 20:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-08 20:20 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-08 20:20 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-08 20:19 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-08 20:18 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-08 20:18 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-06-17 03:49 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 03:03 . 2012-06-13 14:02 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-09 14:39 . 2010-08-05 00:05 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-05-04 09:59 . 2012-06-13 14:08 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-01 04:44 . 2012-06-13 14:00 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 14:03 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 14:00 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 14:00 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 14:00 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 13:59 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 13:59 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 13:59 103936 ----a-w- c:\windows\system32\cryptnet.dll
2011-01-18 08:53 . 2011-01-18 08:53 2994688 ----a-w- c:\program files\openofficeorg33.msi
2007-09-04 18:52 . 2010-06-26 22:02 83248 ----a-w- c:\program files\OLYMPUS Master.exe
1997-10-15 15:58 . 2010-06-20 17:10 1009152 ----a-w- c:\program files\PRESTOPM.EXE
2012-07-07 14:43 . 2012-02-20 23:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2011-11-01 2531104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2011-11-01 358840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-10-15 10:09 233472 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2009-08-04 05:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-11-05 03:09 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2009-08-05 15:57 2349664 ----a-w- c:\program files\Charter Security Suite\FSGUI\tnbutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-10-25 09:20 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-10-25 09:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-03-05 16:15 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2009-09-10 13:42 349480 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-03-05 16:32 161064 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-12-09 10:19 8120864 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [x]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys [x]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [x]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [x]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [x]
R2 iprip;RIP Listener;c:\windows\System32\svchost.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [x]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [x]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [x]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\Win2K\FSfilter.sys [x]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\Win2K\FSrec.sys [x]
S0 21887434;21887434;c:\windows\system32\DRIVERS\21887434.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
LPDService REG_MULTI_SZ LPDSVC
ipripsvc REG_MULTI_SZ iprip
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\6q78mrjr.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick
FF - prefs.js: browser.startup.homepage - hxxps://www.duckduckgo.com/
FF - user.js: general.useragent.extra.brc -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1684)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
Completion time: 2012-07-22 11:07:43
ComboFix-quarantined-files.txt 2012-07-22 15:07
ComboFix2.txt 2012-07-22 13:51
.
Pre-Run: 50,763,128,832 bytes free
Post-Run: 50,657,124,352 bytes free
.
- - End Of File - - C3CA0D94780E71A895FA1B64B202BA0D
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well I can see no sign of that file on your computer at all, how is the computer behaving ?
  • 0

#23
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
My computer is still sluggish, I hoped removing SpyBot would fix that but the teatimer is still on my taskbar, though the message when the cursor is over it, says 0 files blacklisted. The OA alert still pops up, too.
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we will check that later

Does OA have a log that you could post

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#25
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
I think I have logs from OA. I'll DL TDSSKiller, though I have it I'll update it, I don't recall it finding anything. I'll report back here soon.
  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Its just that the logs are showing nothing untoward
  • 0

#27
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Hello, the TDSSKiller didn't find anything, and I'm looking for the log from OA, forgot where it is, still searching, unable to locate it,  thought I knew where it was. this is embarrassing.

NOTE: I found a History list for OA, there's an option to export it. Would that help?

Edited by blueblue, 22 July 2012 - 11:48 AM.

  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
firewall logs (located in the "Logs" folder. filenames start with "FW")
  • 0

#29
blueblue

blueblue

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 270 posts
Still looking, only thing I can find is a history list. In my previous post I edited it to say that, not knowing you had posted after it. Thank you for your time, help, and patience. I am so frustrated, and I imagine you are too. When I do tech support for a friend, I get frustrated because I'm on the phone and can't see what's going on, so I have an idea what it's like being the techie.

NOTEIn the history list, a message about the corrupted file:

Created: 7/22/2012 11:25:46 AM
Summary: Automatic Update failed
Description: OA: File help_ena.chm is corrupted
Event type: Auto update(11)
Event action: None(1)

Edited by blueblue, 22 July 2012 - 11:57 AM.

  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Next time it blocks could you take a screenshot of it
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP