TechSpot

Check disk won't run, can't lock disk

By LadyNia
Jul 18, 2012
  1. Yesterday, while I was updating my computer, a notification popped up saying "C:\Users\Roniesha\AppData\Roaming\Macromedia\FlashPlayer\macromedia.com\support\flashplayer\sys is corrupt and unreadable. Please run the chkdsk utility."

    I tried to run Chkdsk/ C and I get the error message: "The type of the file system is NTFS. Cannot lock current drive."

    "Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)"

    When I restart the computer, the check disk does not run. I have run this in safe mode as well and it has not worked.

    I would appreciate any help. Thanks for taking the time to read this post.
    Nia
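
One way to find out why a scheduled boot-time check never runs, as an added diagnostic that is not part of this thread or any of the tools posted in it. It assumes the affected volume is C: (the drive named in the post above) and an elevated PowerShell prompt on the Windows 7 machine; it only reads state and writes nothing.

```powershell
# Added diagnostic (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: the volume that reported corruption is C:.
$Volume = 'C:'

Write-Host "=== 1. NTFS dirty bit (set when corruption was seen or a check is pending) ==="
# fsutil prints "Volume - C: is Dirty" or "Volume - C: is NOT Dirty"
fsutil dirty query $Volume

Write-Host "`n=== 2. Does chkntfs think a boot-time check is scheduled for $Volume? ==="
# Without switches chkntfs only reports; it changes nothing.
chkntfs $Volume

Write-Host "`n=== 3. Session Manager BootExecute (what actually launches autochk at boot) ==="
# Scheduling a check with chkdsk or "chkntfs /C" is useless if this value no longer
# starts autochk. The stock value is exactly:  autocheck autochk *
# "chkntfs /X C:" rewrites it to exclude C: (autocheck autochk /k:C *), and some
# third-party tools or malware edit it as well, so compare it with the stock entry.
$smKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$bootExec = (Get-ItemProperty -Path $smKey -Name BootExecute).BootExecute
$bootExec | ForEach-Object { Write-Host "  $_" }
if (@($bootExec) -notcontains 'autocheck autochk *') {
    Write-Warning "BootExecute lacks the stock 'autocheck autochk *' entry; no scheduled check can run until it is restored (chkntfs /D resets it to the default, then chkntfs /C $Volume schedules the check)."
}

Write-Host "`n=== 4. Results of earlier boot-time checks ==="
# On Windows 7 autochk writes its report to the Application log as Wininit event 1001.
# Assumption: this provider/ID pair is what the log on the affected machine uses.
try {
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001 } -MaxEvents 3 -ErrorAction Stop |
        ForEach-Object {
            Write-Host ("[{0}]" -f $_.TimeCreated)
            Write-Host $_.Message
        }
} catch {
    Write-Host "  No Wininit 1001 events: no boot-time chkdsk has completed and logged a result on this machine."
}
```

If step 1 says the volume is dirty but step 4 shows no completed check, the boot-time run is being skipped rather than finishing silently, and step 3 is the place to look.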
     
  2. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.18.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Roniesha :: RONIESHA-PC [administrator]

    7/18/2012 8:56:08 AM
    mbam-log-2012-07-18 (08-56-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224246
    Time elapsed: 3 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-18 11:21:18
    Windows 6.1.7601 Service Pack 1
    Running: m4y1gvpp.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#petsmart.shoplocal.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#petsmart.shoplocal.com\settings.sol 92 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.btrll.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.btrll.com\settings.sol 85 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.ad.netshelter.net 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.ad.netshelter.net\settings.sol 91 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.innovid.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.innovid.com\settings.sol 85 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.oggifinogi.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.oggifinogi.com\settings.sol 88 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cfiles.5min.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cfiles.5min.com\settings.sol 85 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com\settings.sol 87 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\settings.sol 90 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#g-ecx.images-amazon.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#g-ecx.images-amazon.com\settings.sol 93 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#I.cdn.turner.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#I.cdn.turner.com\settings.sol 86 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ia.media-imdb.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ia.media-imdb.com\settings.sol 87 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol 75 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.socialvibe.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.socialvibe.com\settings.sol 90 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mediabrix.hs.llnwd.net 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mediabrix.hs.llnwd.net\settings.sol 92 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mw.50cubes.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mw.50cubes.com\settings.sol 84 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#petco.shoplocal.com 0 bytes
    File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#petco.shoplocal.com\settings.sol 89 bytes

    ---- EOF - GMER 1.0.15 ----
     
  4. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
    Run by Roniesha at 10:24:49 on 2012-07-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2242 [GMT -7:00]
    .
    AV: Charter Security Suite 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: Charter Security Suite 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Charter Security Suite 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Charter Security Suite\Anti-Virus\fsgk32st.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Charter Security Suite\Anti-Virus\FSGK32.EXE
    C:\Program Files (x86)\Charter Security Suite\Common\FSMA32.EXE
    C:\windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files (x86)\Charter Security Suite\Common\FSHDLL32.EXE
    C:\Program Files (x86)\Charter Security Suite\Common\FSHDLL64.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
    C:\windows\SysWOW64\rpcnet.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Charter Security Suite\Common\FSM32.EXE
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Charter Security Suite\Spam Control\fsscoepl_x64.exe
    C:\Program Files (x86)\Charter Security Suite\ORSP Client\fsorsp.exe
    C:\Program Files (x86)\Charter Security Suite\FWES\Program\fsdfwd.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Charter Security Suite\Anti-Virus\fssm32.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Charter Security Suite\Anti-Virus\fsav32.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Roniesha\Downloads\m4y1gvpp.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\MEDIAC~1.5F~\STREAM~1\ARCURL~1.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Charter Security Suite\NRS\iescript\baselitmus.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Charter Security Suite\NRS\iescript\baselitmus.dll
    uRun: [Google Update] "C:\Users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\Common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "C:\Program Files (x86)\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    LSP: C:\Program Files (x86)\Charter Security Suite\FSPS\program\FSLSP.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{4EF48F28-E890-4FA3-958F-9D3CF4758812} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{DDFA4058-A472-4BD4-9EBE-2ED56EEC7E17} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{DDFA4058-A472-4BD4-9EBE-2ED56EEC7E17}\4596E69734865656471686D27657563747 : DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    TCP: Interfaces\{DDFA4058-A472-4BD4-9EBE-2ED56EEC7E17}\8353349303 : DhcpNameServer = 192.168.1.1 4.2.2.2
    BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1.5F~\STREAM~1\ARCURL~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Charter Security Suite\NRS\iescript\baselitmus.dll
    BHO-X64: LitmusBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Charter Security Suite\NRS\iescript\baselitmus.dll
    mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\Common\FSM32.EXE" /splash
    mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Roniesha\AppData\Roaming\Mozilla\Firefox\Profiles\cvtwdj5y.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Roniesha\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Roniesha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Roniesha\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2012-7-17 33408]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Charter Security Suite\HIPS\drivers\fshs.sys [2012-7-17 57920]
    R1 FSES;F-Secure Email Scanning Driver;C:\windows\system32\drivers\fses.sys --> C:\windows\system32\drivers\fses.sys [?]
    R1 FSFW;F-Secure Firewall Driver;C:\windows\system32\drivers\fsdfw.sys --> C:\windows\system32\drivers\fsdfw.sys [?]
    R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys [2012-7-17 14904]
    R1 pfmfs_463;pfmfs_463;C:\windows\system32\Drivers\pfmfs_463.sys --> C:\windows\system32\Drivers\pfmfs_463.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Charter Security Suite\Anti-Virus\fsgk32st.exe [2012-7-17 215648]
    R2 HsfXAudioService;HsfXAudioService;C:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-4-21 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2011-4-21 126392]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-18 993848]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
    R3 CAXHWAZL;CAXHWAZL;C:\windows\system32\DRIVERS\CAXHWAZL.sys --> C:\windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [2012-7-17 199848]
    R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Charter Security Suite\ORSP Client\fsorsp.exe [2012-7-17 61088]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]
    R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-4-21 54136]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-3-31 835952]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-8 135664]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-8 135664]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [2012-7-17 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [2012-7-17 25184]
    .
    =============== Created Last 30 ================
    .
    2012-07-18 15:24:57 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-07-18 15:24:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-18 04:30:53 -------- d-----w- C:\Users\Roniesha\AppData\Local\Macromedia
    2012-07-18 04:29:08 -------- d-----w- C:\Users\Roniesha\AppData\Local\Programs
    2012-07-18 04:21:37 476936 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
    2012-07-18 03:54:39 3148800 ----a-w- C:\windows\System32\win32k.sys
    2012-07-18 03:42:00 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{96FDFE11-9FF9-418D-9656-2EFC734FFA45}\mpengine.dll
    2012-07-18 01:54:27 55960 ----a-w- C:\windows\System32\drivers\fsbts.sys
    2012-07-18 01:51:47 33408 ----a-w- C:\windows\SysWow64\drivers\fsbts.sys
    2012-07-18 01:48:09 45624 ----a-w- C:\windows\System32\drivers\fses.sys
    2012-07-18 01:48:04 94280 ----a-w- C:\windows\System32\drivers\fsdfw.sys
    2012-07-18 01:46:59 -------- d-----w- C:\Program Files (x86)\Charter Security Suite
    2012-07-18 01:44:58 -------- d-----w- C:\ProgramData\fssg
    2012-07-18 01:38:06 -------- d-----w- C:\ProgramData\f-secure
    2012-06-22 19:22:11 2622464 ----a-w- C:\windows\System32\wucltux.dll
    2012-06-22 19:21:57 99840 ----a-w- C:\windows\System32\wudriver.dll
    2012-06-22 19:21:43 36864 ----a-w- C:\windows\System32\wuapp.exe
    2012-06-22 19:21:43 186752 ----a-w- C:\windows\System32\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2012-07-18 16:12:06 17920 ----a-w- C:\windows\SysWow64\rpcnetp.dll
    2012-07-18 16:12:05 58288 ----a-w- C:\windows\SysWow64\rpcnet.dll
    2012-07-18 16:11:55 17920 ----a-w- C:\windows\SysWow64\rpcnetp.exe
    2012-07-18 16:11:55 17920 ----a-w- C:\windows\System32\rpcnetp.exe
    2012-07-18 04:21:31 472840 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2012-07-18 04:17:47 955840 ----a-w- C:\windows\System32\npdeployJava1.dll
    2012-07-18 04:17:47 839096 ----a-w- C:\windows\System32\deployJava1.dll
    2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
    2012-05-31 19:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2012-04-22 07:25:56 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
    .
    ============= FINISH: 10:27:14.37 ===============
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, when your computer is declared clean.

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check the following options: Internet Services, Windows Firewall, System restore, Security Center/Action Center, Windows Update, and Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  6. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    Farbar Service Scanner Version: 08-07-2012
    Ran by Roniesha (administrator) on 18-07-2012 at 13:20:11
    Running from "C:\Users\Roniesha\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again, except rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.
     
  8. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    ComboFix 12-07-18.04 - Roniesha 07/18/2012 13:46:05.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2239 [GMT -7:00]
    Running from: c:\users\Roniesha\Downloads\ComboFix.exe
    AV: Charter Security Suite 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    FW: Charter Security Suite 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    SP: Charter Security Suite 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Roniesha\AppData\Roaming\.#
    c:\windows\fspscprereqmsiinst.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-18 21:03 . 2012-07-18 21:03 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-07-18 21:03 . 2012-07-18 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-18 21:03 . 2012-07-18 21:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-07-18 19:26 . 2012-07-18 19:26 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96FDFE11-9FF9-418D-9656-2EFC734FFA45}\offreg.dll
    2012-07-18 15:24 . 2012-07-18 15:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-18 15:24 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-18 04:30 . 2012-07-18 04:30 -------- d-----w- c:\users\Roniesha\AppData\Local\Macromedia
    2012-07-18 04:29 . 2012-07-18 04:29 -------- d-----w- c:\users\Roniesha\AppData\Local\Programs
    2012-07-18 04:21 . 2012-07-18 04:21 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-07-18 04:21 . 2012-07-18 04:21 -------- d-----w- c:\program files (x86)\Java
    2012-07-18 04:18 . 2012-07-18 04:17 268720 ----a-w- c:\windows\system32\javaws.exe
    2012-07-18 04:17 . 2012-07-18 04:17 189360 ----a-w- c:\windows\system32\javaw.exe
    2012-07-18 04:17 . 2012-07-18 04:17 188840 ----a-w- c:\windows\system32\java.exe
    2012-07-18 04:17 . 2012-07-18 04:17 -------- d-----w- c:\program files\Java
    2012-07-18 03:54 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-18 03:42 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96FDFE11-9FF9-418D-9656-2EFC734FFA45}\mpengine.dll
    2012-07-18 01:54 . 2012-07-18 01:54 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2012-07-18 01:51 . 2012-07-18 01:51 33408 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
    2012-07-18 01:48 . 2012-07-18 02:04 45624 ----a-w- c:\windows\system32\drivers\fses.sys
    2012-07-18 01:48 . 2012-07-18 02:05 94280 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2012-07-18 01:46 . 2012-07-18 02:07 -------- d-----w- c:\program files (x86)\Charter Security Suite
    2012-07-18 01:44 . 2012-07-18 01:45 -------- d-----w- c:\programdata\fssg
    2012-07-18 01:38 . 2012-07-18 01:47 -------- d-----w- c:\programdata\f-secure
    2012-07-03 01:15 . 2012-07-03 01:15 -------- d-----w- c:\users\Public\New folder
    2012-06-22 19:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 19:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 19:22 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 19:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 19:21 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 19:21 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 19:21 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 19:21 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 19:21 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-18 18:47 . 2011-04-21 19:49 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-07-18 16:12 . 2011-04-21 19:49 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
    2012-07-18 16:12 . 2011-04-25 19:15 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
    2012-07-18 16:11 . 2011-04-21 19:49 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
    2012-07-18 04:21 . 2010-04-22 02:59 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-18 04:17 . 2012-02-23 09:58 955840 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-07-18 04:17 . 2012-02-23 09:58 839096 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-18 03:52 . 2011-05-11 02:54 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-05-31 19:25 . 2011-04-25 19:32 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-20 20:37 . 2012-05-20 20:37 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
    2012-05-04 11:06 . 2012-06-16 21:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-16 21:53 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-16 21:53 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-16 21:53 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:55 . 2012-06-16 21:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-16 21:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-16 21:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-16 21:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-16 21:53 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-16 21:53 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-16 21:53 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-16 21:53 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-16 21:53 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-16 21:53 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-04-22 07:25 . 2012-04-22 07:25 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
    @="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
    [HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
    2010-07-07 17:57 153064 ----a-w- c:\windows\SysWOW64\pfmshx_463.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-22 39408]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
    "NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "F-Secure Manager"="c:\program files (x86)\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files (x86)\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-18 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 135664]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 135664]
    R3 Normandy;Normandy SR2; [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1255736]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\Charter Security Suite\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\Charter Security Suite\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-07-18 55960]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-22 283200]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Charter Security Suite\HIPS\drivers\fshs.sys [2009-08-05 57920]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-07-18 45624]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-07-18 94280]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904]
    S1 pfmfs_463;pfmfs_463;c:\windows\system32\Drivers\pfmfs_463.sys [2010-07-07 249704]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-06-28 123320]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [2012-07-18 199848]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Charter Security Suite\ORSP Client\fsorsp.exe [2012-07-18 61088]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-23 75304]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
    S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
    S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-03-31 835952]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 20:54]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 20:54]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240996578-1074617293-3798557580-1001Core.job
    - c:\users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 07:06]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240996578-1074617293-3798557580-1001UA.job
    - c:\users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 07:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
    @="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
    [HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
    2010-07-07 17:57 173544 ----a-w- c:\windows\System32\pfmshx_463.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-20 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-20 391192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-20 410648]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\Charter Security Suite\FSPS\program\FSLSP.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Roniesha\AppData\Roaming\Mozilla\Firefox\Profiles\cvtwdj5y.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-18 14:11:47
    ComboFix-quarantined-files.txt 2012-07-18 21:11
    .
    Pre-Run: 160,698,601,472 bytes free
    Post-Run: 160,624,488,448 bytes free
    .
    - - End Of File - - 649E8AC94A5D1A738D29548884C3DE97
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  10. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=56695484160dda4fad7f5bd6a4433d59
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-06-03 06:51:50
    # local_time=2011-06-02 11:51:50 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1024 16777215 100 0 1061788 1061788 0 0
    # compatibility_mode=5121 16777213 100 75 0 20072746 0 0
    # compatibility_mode=5893 16776574 100 94 0 58623200 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=143468
    # found=0
    # cleaned=0
    # scan_time=4181
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=56695484160dda4fad7f5bd6a4433d59
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-19 10:28:32
    # local_time=2012-07-19 03:28:32 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1024 16777215 100 0 36710441 36710441 0 0
    # compatibility_mode=2304 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776574 100 94 0 94271853 0 0
    # compatibility_mode=8192 67108863 100 0 34728717 34728717 0 0
    # scanned=365263
    # found=0
    # cleaned=0
    # scan_time=8509
     
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  12. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    My computer doesn't seem to be running slower unless I am trying to look at something that may use Flash Player. The only error that I have been receiving is the one that says C:\Users\Roniesha\AppData\Roaming\Macromedia\FlashPlayer\macromedia.com\support\flashplayer\sys is corrupt and unreadable. Now it seems to be telling me this in some other language, though. My computer was fine until I updated my Flash Player. No, there have been no system crashes or blue screens of death. How can I find out if svchost.exe is running at 100%, because I can't find it under the Processes tab in Windows Task Manager? I am attaching a Word document of two print screens that shows the error message I have been receiving.
     

  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

  14. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    I tried this and it didn't help. I am still having the same issue.
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    And you are downloading the x64 version, correct?
     
  16. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    Yes, I am downloading the x64 version.
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okay.

    Any trouble saving files or installs?

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix
    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
     
  18. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    No, I am not having any problems with saving files and no problems with installs.


    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Roniesha [Admin rights]
    Mode: Shortcuts HJfix -- Date: 07/23/2012 15:29:22

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 9 / Fail 0
    Quick launch: Success 2 / Fail 0
    Programs: Success 7 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 756 / Fail 0
    My documents: Success 0 / Fail 0
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 102 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [E:] \Device\CdRom1 -- 0x5 --> Skipped

    ¤¤¤ Infection : ¤¤¤

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Great! Please re-run the uninstall and then reinstall Flash. Let's see what that brings us to...
     
  20. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    Still the same problem.
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    1. Please download MGADiag and save it to your desktop.
    2. Double click the MGADiag icon on your desktop.
    3. Push Continue
    4. Push Copy
    5. Go to Start -> Run and type in "Notepad"
    6. Go to Edit -> Paste in notepad.
    7. X out all of the numbers and letters in the line beginning with "Windows Product Key:"
    8. Copy and paste that log here.
    How to capture an event log and upload it to the forum:
    • First, open Event Viewer by clicking Start -> Run -> type eventvwr.msc and press ENTER.
    • In the Event Viewer please right click the requested event log Application and click Save Log File As.
    • Please save the logfile to your desktop and give it a recognizable name.
    • Do this for each log that has been requested.
    • When you are finished saving the necessary logs, close Event Viewer.
    • On your desktop find the saved log files. Hold the CTRL key and click to select each event log.
    • When all event logs are selected, right-click one of them, click Send to -> Compressed Zip Folder.
    • A new .ZIP file will have been created on your desktop. Please attach that file to this forum in your next reply.
     
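The two procedures above (masking the product key before posting the MGADiag report, and saving the Windows Logs to files and zipping them for the forum) as a single PowerShell script. This is an added example, not part of the thread or of the helper's instructions. It assumes PowerShell 5.x (Compress-Archive, Get-Clipboard and Set-Clipboard ship with it; on Windows 7 that means WMF 5.1) and an elevated console, since some log entries need admin rights to read. The function names Hide-ProductKey and Export-WindowsLogs are made up for the example. The -Days filter keeps only recent events, which is the usual fix when the zipped log is too large to attach; the XPath query handed to wevtutil is the same kind of filter Event Viewer applies with "Filter Current Log". In the Windows 7 Event Viewer the context-menu entry is "Save All Events As...", which is the GUI equivalent of the export below.

```powershell
# Added example (not from the thread). Assumes PowerShell 5.x and an elevated prompt.

# Step 7 of the MGADiag instructions: x out the key before posting the report.
# Reads the report line by line (e.g. from Get-Clipboard) and masks only the
# "Windows Product Key:" line, keeping the dashes so the format stays recognizable.
function Hide-ProductKey {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string[]]$Line)
    process {
        foreach ($l in $Line) {
            foreach ($row in ($l -split "`r?`n")) {
                if ($row -match '^(\s*Windows Product Key:\s*)(.*)$') {
                    $Matches[1] + ($Matches[2] -replace '[A-Za-z0-9]', 'x')
                } else {
                    $row
                }
            }
        }
    }
}

# Event Viewer -> Windows Logs -> <log> -> "Save All Events As...", done from the shell,
# then zipped. Only the last $Days days are exported to keep the attachment small.
function Export-WindowsLogs {
    param(
        [string[]]$Logs = @('Application', 'System'),
        [int]$Days = 7,
        [string]$OutDir = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'EventLogs')
    )
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    # timediff() in the event-log XPath dialect is measured in milliseconds.
    $ms    = [int64]$Days * 24 * 60 * 60 * 1000
    $query = "*[System[TimeCreated[timediff(@SystemTime) <= $ms]]]"

    foreach ($log in $Logs) {
        $file = Join-Path $OutDir ("$log-" + (Get-Date -Format 'yyyyMMdd') + '.evtx')
        # wevtutil epl = export log; /q: applies the XPath filter; /ow:true overwrites.
        & wevtutil.exe epl $log $file "/q:$query" /ow:true
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "wevtutil failed for $log (exit code $LASTEXITCODE)"
        }
    }

    # Bundle every exported .evtx into one zip next to the folder and return it.
    $zip = "$OutDir.zip"
    Compress-Archive -Path (Join-Path $OutDir '*.evtx') -DestinationPath $zip -Force
    Get-Item $zip
}

# Usage:
#   Get-Clipboard | Hide-ProductKey | Set-Clipboard   # then paste the report into the post
#   Export-WindowsLogs -Days 3                        # shrink the window if the zip is still too big
```

Before attaching, remember that the exported .evtx files still carry the machine name, user name and full paths from every event, so only post what the helper actually asked for (Application and System here), not the Security log.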
  22. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****xxxxx-xxxxx-xxxxx
    Windows Product Key Hash: Xs1iQgVeo0C+sObJxS7eu+FuBPQ=
    Windows Product ID: 00359-OEM-8992687-00057
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {1CA7B96A-59B7-4704-9EE1-FC64F1F582E3}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120503-2030
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{1CA7B96A-59B7-4704-9EE1-FC64F1F582E3}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-W8DQG</PKey><PID>00359-OEM-8992687-00057</PID><PIDType>2</PIDType><SID>S-1-5-21-240996578-1074617293-3798557580</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L655</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V1.00 </Version><SMBIOSVersion major="2" minor="5"/><Date>20100504000000.000000+000</Date></BIOS><HWID>EC6E3707018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSQCI</OEMID><OEMTableID>TOSQCI00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>107A24FEABFC738</Val><Hash>CUYTtwsJbn2TDyYKgSRnSaRPVcA=</Hash><Pid>81602-924-4228122-68173</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800057-02-1033-7600.0000-1112010
    Installation ID: 005330065190816280201190420472155943266780878815028695
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: W8DQG
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 7/25/2012 11:50:18 AM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 5:21:2012 10:14
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAIAAQABAAIAAAABAAAAAgABAAEA6GE41JoOdxZKQ6jkzqZMtOqI2PdEmEbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name   OEMID Value   OEMTableID Value
    APIC              PTLTD         APIC
    FACP              T0SQCI        TOSQCI00
    HPET              TOSQCI        TOSQCI00
    BOOT              PTLTD         $SBFTBL$
    MCFG              TOSQCI        TOSQCI00
    SLIC              TOSQCI        TOSQCI00
    SSDT              SataRe        SataAhci
    SSDT              SataRe        SataAhci
    SSDT              SataRe        SataAhci
    SSDT              SataRe        SataAhci
     
  23. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    I am having a bit of trouble. I was trying to do the event logs and I am a little bit confused, because I am not sure if you want me to right-click on Application and Logs or on Windows Logs, where there is Application as well. Also, when I right-click, "Save Log File As" is not an option. I am not sure what I am doing; hopefully you can help me.
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Sorry for not making that clear...

    Should be under Windows Logs.
     
  25. LadyNia

    LadyNia TS Enthusiast Topic Starter Posts: 91

    Okay, I tried to upload the file, but the site won't allow me, saying that the file is too large.
     