[blueblue]

Hi, I can't seem to upload the file and when I try the basic uploader it sends me to my settings, I am stuck in a vicious cycle and going nowhere, am using IE, though I usually use FF but I have so many add ons and things blocked I forgot how to unblock them to let attachments work. So I got IE up and tried attaching the file where it says to browse and get the file. I have little patience for this tech stuff, that's why I'll never be a geek, tried to learn but it didn't work out.

Edited by blueblue, 21 July 2012 - 02:25 PM.

[Advertisements]

When the post is open
Click on browse
Locate the OTL log
then select attach file
[attachment=59108:Capture.GIF]

[Essexboy]

When the post is open
Click on browse
Locate the OTL log
then select attach file
[attachment=59108:Capture.GIF]

[blueblue]

Hi, that's what I did, but I was in a sandbox, now I'm not so I'll try it again but I can't see anything that says "attach this files", though I looked EVERYWHERE on the page. I can't find it anywhere I don't know why. Let me try posting the log again I don't know why it didn't display properly. I am very upset with this and am ready to just reinstall windows or something.

Edited by blueblue, 21 July 2012 - 05:27 PM.

[blueblue]

Here's the log, I unchecked the word wrap setting so it will allign properly.OTL logfile created on: 7/21/2012 2:13:42 PM - Run 2OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rainbow\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 8.0.7601.17514)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1013.10 Mb Total Physical Memory | 94.13 Mb Available Physical Memory | 9.29% Memory free1.99 Gb Paging File | 0.57 Gb Available in Paging File | 28.48% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 136.95 Gb Total Space | 45.91 Gb Free Space | 33.52% Space Free | Partition Type: NTFS Computer Name: AMEE-PC | User Name: Sunny | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/19 19:22:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rainbow\Desktop\OTL.exePRC - [2012/07/07 10:43:26 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2012/05/29 10:23:30 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exePRC - [2012/05/29 10:23:29 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exePRC - [2012/05/10 19:33:58 | 003,065,120 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exePRC - [2012/04/04 14:56:26 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exePRC - [2012/03/22 06:14:18 | 000,024,336 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieRpcSs.exePRC - [2012/03/22 06:14:18 | 000,018,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieDcomLaunch.exePRC - [2012/03/22 06:14:16 | 000,452,880 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exePRC - [2012/03/22 06:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exePRC - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exePRC - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exePRC - [2011/11/01 12:33:56 | 002,531,104 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exePRC - [2011/11/01 12:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exePRC - [2011/11/01 12:33:52 | 001,163,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exePRC - [2011/11/01 12:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exePRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exePRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exePRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exePRC - [2011/01/10 10:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exePRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exePRC - [2009/10/07 03:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exePRC - [2009/09/30 18:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exePRC - [2009/09/30 18:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exePRC - [2009/09/30 18:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exePRC - [2009/09/23 17:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exePRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GregHSRW.exePRC - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exePRC - [2009/08/05 11:59:26 | 000,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exePRC - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXEPRC - [2009/08/05 11:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSM32.EXEPRC - [2009/08/05 11:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXEPRC - [2009/08/05 11:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exePRC - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exePRC - [2009/07/13 21:14:23 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exePRC - [2009/07/10 06:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exePRC - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exePRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exePRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exePRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ========== Modules (No Company Name) ========== MOD - [2012/07/07 10:43:24 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dllMOD - [2009/08/05 11:59:02 | 000,001,536 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSPC\fspcfsm.engMOD - [2009/08/05 11:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fshook32.dllMOD - [2009/08/05 11:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\strres.engMOD - [2009/08/05 11:56:56 | 000,920,160 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\gres.dllMOD - [2009/08/05 11:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\flyerres.engMOD - [2009/08/05 11:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\fsavures.engMOD - [2009/08/05 11:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\about.dllMOD - [2009/08/05 11:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\aboutres.dll ========== Win32 Services (SafeList) ========== SRV - [2012/07/07 10:43:25 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2012/05/10 19:33:58 | 003,065,120 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)SRV - [2012/03/22 06:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)SRV - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)SRV - [2011/11/01 12:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)SRV - [2011/11/01 12:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)SRV - [2010/07/31 22:42:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)SRV - [2009/09/30 18:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service)SRV - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)SRV - [2009/08/05 11:59:26 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient)SRV - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA)SRV - [2009/08/05 11:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe -- (FSDFWD)SRV - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2009/07/13 21:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)SRV - [2009/07/13 21:15:33 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)SRV - [2009/07/10 06:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)SRV - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®SRV - [2007/03/07 09:51:52 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\LxrSII1s.exe -- (LxrSII1s) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Sunny\AppData\Local\Temp\catchme.sys -- (catchme)DRV - [2012/05/29 10:24:25 | 000,149,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)DRV - [2012/05/09 10:39:00 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)DRV - [2012/03/22 06:14:14 | 000,134,416 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)DRV - [2012/02/29 22:04:34 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\21887434.sys -- (21887434)DRV - [2011/12/14 20:41:38 | 000,173,880 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)DRV - [2011/11/02 11:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)DRV - [2011/11/01 12:34:28 | 000,040,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)DRV - [2011/11/01 12:34:08 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)DRV - [2011/11/01 12:34:08 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)DRV - [2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)DRV - [2009/11/23 03:30:06 | 000,103,296 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)DRV - [2009/11/06 00:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)DRV - [2009/09/04 01:37:44 | 000,054,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)DRV - [2009/08/07 06:18:28 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)DRV - [2009/08/05 11:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys -- (F-Secure HIPS)DRV - [2009/08/05 11:57:20 | 000,071,040 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)DRV - [2009/08/05 11:57:12 | 000,035,680 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)DRV - [2009/08/05 11:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)DRV - [2009/08/05 11:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)DRV - [2009/08/05 11:56:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys -- (fsvista)DRV - [2009/06/02 07:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)DRV - [2009/06/02 07:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)DRV - [2009/06/02 07:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...}&rlz=1I7ACAWIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-861964490-322295869-921149580-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://support.microsoft.com/IE - HKU\S-1-5-21-861964490-322295869-921149580-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}IE - HKU\S-1-5-21-861964490-322295869-921149580-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...x&FORM=IE8SRCIE - HKU\S-1-5-21-861964490-322295869-921149580-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...lz=1I7ACAW_enIE - HKU\S-1-5-21-861964490-322295869-921149580-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&sourceid=ie7IE - HKU\S-1-5-21-861964490-322295869-921149580-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-861964490-322295869-921149580-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...ww75w64k2r951IE - HKU\S-1-5-21-861964490-322295869-921149580-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...ww75w64k2r951IE - HKU\S-1-5-21-861964490-322295869-921149580-1002\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}IE - HKU\S-1-5-21-861964490-322295869-921149580-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...x&FORM=IE8SRCIE - HKU\S-1-5-21-861964490-322295869-921149580-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ixquick"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "https://www.duckduckgo.com/"FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20FF - prefs.js..extensions.enabledItems: [email protected]:1.10FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not foundFF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Charter Security Suite\NRS\[email protected] [2012/07/13 09:16:21 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/04/11 21:38:46 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/07 10:43:27 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/15 19:09:16 | 000,000,000 | ---D | M] [2010/06/08 15:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\Mozilla\Extensions[2012/07/11 19:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\6q78mrjr.default\extensions[2012/07/11 19:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\6q78mrjr.default\extensions\staged[2010/10/28 19:14:27 | 000,002,484 | ---- | M] () -- C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\6q78mrjr.default\searchplugins\ixquick.xml[2012/02/20 19:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2012/07/13 09:16:21 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES\CHARTER SECURITY SUITE\NRS\[email protected][2012/06/07 13:35:58 | 000,525,079 | ---- | M] () (No name found) -- C:\USERS\SUNNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6Q78MRJR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI[2012/01/31 21:33:43 | 000,292,116 | ---- | M] () (No name found) -- C:\USERS\SUNNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6Q78MRJR.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI[2012/01/27 13:23:30 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SUNNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6Q78MRJR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI[2012/07/07 10:43:27 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll[2012/02/18 11:16:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll[2012/05/01 23:39:31 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml[2012/02/20 19:21:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml[2012/05/01 23:39:30 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml[2012/05/01 23:39:30 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml[2012/05/01 23:39:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml[2012/05/01 23:39:30 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2012/07/21 12:39:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not foundO2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not foundO3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)O4 - HKLM..\Run: [combofix] C:\ComboFix\CF29268.3XE (Microsoft Corporation)O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)O4 - HKU\.DEFAULT..\Run: [DelayShred] c:\progra~1\mcafee\mshr\ShrCL.EXE /P1 /q C:\Users\Rainbow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RU244TTM\SYNCME~1.SH! File not foundO4 - HKU\S-1-5-18..\Run: [DelayShred] c:\progra~1\mcafee\mshr\ShrCL.EXE /P1 /q C:\Users\Rainbow\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RU244TTM\SYNCME~1.SH! File not foundO4 - HKU\S-1-5-21-861964490-322295869-921149580-1001..\Run: [LxrAutorun] C:\Users\Sunny\AppData\Local\Lexar Media\LxrAutorun.exe File not foundO4 - HKU\S-1-5-21-861964490-322295869-921149580-1002..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)O4 - HKU\S-1-5-21-861964490-322295869-921149580-1002..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)O4 - HKU\S-1-5-21-861964490-322295869-921149580-1002..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not foundO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-861964490-322295869-921149580-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-861964490-322295869-921149580-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-861964490-322295869-921149580-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\Sandbox_Rainbow_DefaultBox\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64F9C95D-74A6-436A-A1C9-B7CAF40E3775}: DhcpNameServer = 192.168.23.10 8.8.8.8 141.219.60.30O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD612608-98F2-447D-8306-503349FBF900}: DhcpNameServer = 192.168.1.1O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not foundNetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)NetSvcs: Nla - File not foundNetSvcs: Ntmssvc - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: SRService - File not foundNetSvcs: WmdmPmSp - File not foundNetSvcs: LogonHours - File not foundNetSvcs: PCAudit - File not foundNetSvcs: helpsvc - File not foundNetSvcs: uploadmgr - File not found CREATERESTOREPOINTRestore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/07/21 12:48:32 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV[2012/07/21 12:39:08 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/07/21 12:39:08 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Local\temp[2012/07/21 12:17:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/07/21 12:17:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/07/21 12:17:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/07/21 12:17:02 | 000,000,000 | --SD | C] -- C:\ComboFix[2012/07/21 12:16:50 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/07/21 12:16:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2012/07/21 12:13:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/07/21 12:03:59 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Sunny\Desktop\ComboFix.exe[2012/07/20 18:37:50 | 000,000,000 | ---D | C] -- C:\_OTL[2012/06/25 23:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software[2010/06/26 18:02:22 | 000,083,248 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS Master.exe[2010/06/20 13:10:54 | 001,009,152 | ---- | C] (NewSoft, Inc.) -- C:\Program Files\PRESTOPM.EXE ========== Files - Modified Within 30 Days ========== [2012/07/21 12:53:57 | 000,015,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/07/21 12:53:57 | 000,015,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/07/21 12:47:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/07/21 12:47:52 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys[2012/07/21 12:39:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts[2012/07/21 11:58:59 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Sunny\Desktop\ComboFix.exe[2012/07/20 16:33:53 | 000,704,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2012/07/20 16:33:52 | 000,136,404 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2012/07/20 14:10:38 | 000,007,860 | ---- | M] () -- C:\Windows\Sandboxie.ini[2012/07/11 20:19:45 | 000,359,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2012/06/25 23:31:59 | 000,029,438 | ---- | M] () -- C:\Users\Public\Documents\horizontal flowerline.rtf ========== Files Created - No Company Name ========== [2012/07/21 12:17:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/07/21 12:17:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/07/21 12:17:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/07/21 12:17:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/07/21 12:17:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/06/25 23:31:56 | 000,029,438 | ---- | C] () -- C:\Users\Public\Documents\horizontal flowerline.rtf[2012/04/01 15:43:54 | 000,007,860 | ---- | C] () -- C:\Windows\Sandboxie.ini[2012/03/24 01:12:06 | 000,709,968 | ---- | C] () -- C:\Windows\is-5CIN7.exe[2012/01/05 19:23:05 | 001,557,791 | ---- | C] () -- C:\Program Files\tdsskiller.zip[2012/01/05 18:53:04 | 000,000,025 | ---- | C] () -- C:\ProgramData\descript.ion[2011/12/21 18:45:46 | 000,040,296 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys[2011/12/21 18:45:45 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys[2011/03/21 17:01:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2011/01/18 04:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files\openofficeorg33.msi[2011/01/18 04:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files\openofficeorg1.cab[2011/01/18 04:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini[2010/12/08 20:38:54 | 000,000,268 | ---- | C] () -- C:\Windows\wininit.ini[2010/08/28 00:43:04 | 000,007,600 | ---- | C] () -- C:\Users\Sunny\AppData\Local\resmon.resmoncfg[2010/08/04 20:05:46 | 000,044,184 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys ========== LOP Check ========== [2010/06/06 19:16:01 | 000,000,000 | ---D | M] -- C:\Users\Amee\AppData\Roaming\Acer[2010/06/06 19:15:57 | 000,000,000 | ---D | M] -- C:\Users\Amee\AppData\Roaming\Leadertech[2011/12/22 17:23:07 | 000,000,000 | ---D | M] -- C:\Users\Amee\AppData\Roaming\OnlineArmor[2010/06/08 20:23:16 | 000,000,000 | ---D | M] -- C:\Users\Amee\AppData\Roaming\PeerNetworking[2010/06/07 00:11:28 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\Acer[2011/05/15 14:47:12 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\Amazon[2012/05/17 10:39:58 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\Auslogics[2010/09/03 17:44:27 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\F-Secure[2010/06/07 00:11:24 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\Leadertech[2012/02/17 22:28:57 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\OnlineArmor[2010/07/03 21:42:07 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\OpenOffice.org[2012/06/25 23:30:42 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\QFX Software[2010/06/14 10:16:55 | 000,000,000 | ---D | M] -- C:\Users\Rainbow\AppData\Roaming\Windows Live Writer[2012/06/05 09:56:44 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >[2010/05/17 12:52:44 | 364,503,280 | ---- | M] (Nero AG) -- C:\setupx.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:07BF512B< End of report >

[Essexboy]

A question if I may are you using notepad as the text editor ?

Could you reboot to safe mode and then re-run combofix please

To get to safe mode :

Restart the computer
Press and hold F8
On the menu that appears select safe mode with networking

[blueblue]

Hi, I had quite an adventure with this. When I got to Safe Mode, the log showed up, but when I went back to look for it I couldn't find it, so I just re-ran the program, then I got the idea to save it to the other desktop while it was still up, so I did and here it is.

To answer your question, yes I use notepad. By the way I still have part of SpyBot and can't figure how to get rid of it.

Here's the log from ComboFix:

ComboFix 12-07-21.01 - Sunny 07/22/2012 10:48:09.2.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1013.296 [GMT -4:00]
Running from: c:\users\Sunny\Desktop\ComboFix.exe
AV: Charter Security Suite 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Charter Security Suite 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: Charter Security Suite 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 15:02 . 2012-07-22 15:02 -------- d-----w- c:\users\test\AppData\Local\temp
2012-07-22 15:02 . 2012-07-22 15:02 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-07-22 15:02 . 2012-07-22 15:02 -------- d-----w- c:\users\Rainbow\AppData\Local\temp
2012-07-22 15:02 . 2012-07-22 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 15:02 . 2012-07-22 15:02 -------- d-----w- c:\users\Amee\AppData\Local\temp
2012-07-22 14:34 . 2012-07-22 14:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7E445B5-2507-444D-B2D1-15FF4547E5E4}\offreg.dll
2012-07-22 13:31 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7E445B5-2507-444D-B2D1-15FF4547E5E4}\mpengine.dll
2012-07-21 21:06 . 2012-07-21 21:06 -------- d-----w- c:\users\Sunny\AppData\Roaming\QFX Software
2012-07-21 16:39 . 2012-07-22 15:02 -------- d-----w- c:\users\Sunny\AppData\Local\temp
2012-07-20 22:37 . 2012-07-20 22:37 -------- d-----w- C:\_OTL
2012-07-12 00:10 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:39 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 17:39 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 17:39 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 17:39 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 17:39 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 17:39 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 17:38 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 17:38 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 17:38 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 17:38 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 17:38 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 17:38 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 17:38 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 17:38 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 17:38 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-01 17:11 . 2012-07-01 17:11 -------- d-----w- c:\users\Rainbow\AppData\Local\HP
2012-06-26 03:30 . 2012-06-26 03:30 -------- d-----w- c:\users\Rainbow\AppData\Roaming\QFX Software
2012-06-26 03:30 . 2012-06-26 03:30 -------- d-----w- c:\programdata\QFX Software
2012-06-25 02:37 . 2012-06-25 02:37 -------- d-----w- c:\users\DefaultAppPool
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-08 20:20 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 20:20 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 20:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 20:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-08 20:20 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-08 20:20 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-08 20:19 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-08 20:18 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-08 20:18 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-06-17 03:49 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 03:03 . 2012-06-13 14:02 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-09 14:39 . 2010-08-05 00:05 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-05-04 09:59 . 2012-06-13 14:08 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-01 04:44 . 2012-06-13 14:00 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 14:03 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 14:00 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 14:00 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 14:00 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 13:59 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 13:59 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 13:59 103936 ----a-w- c:\windows\system32\cryptnet.dll
2011-01-18 08:53 . 2011-01-18 08:53 2994688 ----a-w- c:\program files\openofficeorg33.msi
2007-09-04 18:52 . 2010-06-26 22:02 83248 ----a-w- c:\program files\OLYMPUS Master.exe
1997-10-15 15:58 . 2010-06-20 17:10 1009152 ----a-w- c:\program files\PRESTOPM.EXE
2012-07-07 14:43 . 2012-02-20 23:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2011-11-01 2531104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2011-11-01 358840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-10-15 10:09 233472 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2009-08-04 05:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-11-05 03:09 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2009-08-05 15:57 2349664 ----a-w- c:\program files\Charter Security Suite\FSGUI\tnbutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-10-25 09:20 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-10-25 09:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-03-05 16:15 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2009-09-10 13:42 349480 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-03-05 16:32 161064 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-12-09 10:19 8120864 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [x]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys [x]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [x]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [x]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [x]
R2 iprip;RIP Listener;c:\windows\System32\svchost.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [x]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [x]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [x]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\Win2K\FSfilter.sys [x]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\Win2K\FSrec.sys [x]
S0 21887434;21887434;c:\windows\system32\DRIVERS\21887434.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
LPDService REG_MULTI_SZ LPDSVC
ipripsvc REG_MULTI_SZ iprip
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\6q78mrjr.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick
FF - prefs.js: browser.startup.homepage - hxxps://www.duckduckgo.com/
FF - user.js: general.useragent.extra.brc -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1684)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
Completion time: 2012-07-22 11:07:43
ComboFix-quarantined-files.txt 2012-07-22 15:07
ComboFix2.txt 2012-07-22 13:51
.
Pre-Run: 50,763,128,832 bytes free
Post-Run: 50,657,124,352 bytes free
.
- - End Of File - - C3CA0D94780E71A895FA1B64B202BA0D

[Essexboy]

Well I can see no sign of that file on your computer at all, how is the computer behaving ?

[blueblue]

My computer is still sluggish, I hoped removing SpyBot would fix that but the teatimer is still on my taskbar, though the message when the cursor is over it, says 0 files blacklisted. The OA alert still pops up, too.

[Essexboy]

OK we will check that later

Does OA have a log that you could post

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application
  
  
• Then click on Change parameters.
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
• Click the Start Scan button.
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
• Get the report by selecting Reports
  
  
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

[blueblue]

I think I have logs from OA. I'll DL TDSSKiller, though I have it I'll update it, I don't recall it finding anything. I'll report back here soon.

[Essexboy]

Its just that the logs are showing nothing untoward

[blueblue]

Hello, the TDSSKiller didn't find anything, and I'm looking for the log from OA, forgot where it is, still searching, unable to locate it,  thought I knew where it was. this is embarrassing.

NOTE: I found a History list for OA, there's an option to export it. Would that help?

Edited by blueblue, 22 July 2012 - 11:48 AM.

[Essexboy]

firewall logs (located in the "Logs" folder. filenames start with "FW")

[blueblue]

Still looking, only thing I can find is a history list. In my previous post I edited it to say that, not knowing you had posted after it. Thank you for your time, help, and patience. I am so frustrated, and I imagine you are too. When I do tech support for a friend, I get frustrated because I'm on the phone and can't see what's going on, so I have an idea what it's like being the techie.

NOTEIn the history list, a message about the corrupted file:

Created: 7/22/2012 11:25:46 AM
Summary: Automatic Update failed
Description: OA: File help_ena.chm is corrupted
Event type: Auto update(11)
Event action: None(1)

Edited by blueblue, 22 July 2012 - 11:57 AM.

[Essexboy]

Next time it blocks could you take a screenshot of it