Solved Check disk won't run, can't lock disk


LadyNia

Yesterday I was updating my computer, and while updating my computer a notification popped up saying "C:\Users\Roniesha\AppData\Roaming\Macromedia\FlashPlayer\macromedia.com\support\flashplayer\sys is corrupt and unreadable. Please run the chkdsk utility."

I tried to run the Chkdsk/ C and I get the error message saying "The type of the file system is NTFS. Cannot lock current drive."

"Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)"

When restarting the computer, the check disk did not run. I have run this in safe mode as well and it has not worked.

I would appreciate any help. Thanks for taking the time to read this post.
Nia
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Roniesha :: RONIESHA-PC [administrator]

7/18/2012 8:56:08 AM
mbam-log-2012-07-18 (08-56-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224246
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-18 11:21:18
Windows 6.1.7601 Service Pack 1
Running: m4y1gvpp.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#petsmart.shoplocal.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#petsmart.shoplocal.com\settings.sol 92 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.btrll.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.btrll.com\settings.sol 85 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.ad.netshelter.net 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.ad.netshelter.net\settings.sol 91 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.innovid.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.innovid.com\settings.sol 85 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.oggifinogi.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.oggifinogi.com\settings.sol 88 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cfiles.5min.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cfiles.5min.com\settings.sol 85 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com\settings.sol 87 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\settings.sol 90 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#g-ecx.images-amazon.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#g-ecx.images-amazon.com\settings.sol 93 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#I.cdn.turner.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#I.cdn.turner.com\settings.sol 86 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ia.media-imdb.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ia.media-imdb.com\settings.sol 87 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol 75 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.socialvibe.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.socialvibe.com\settings.sol 90 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mediabrix.hs.llnwd.net 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mediabrix.hs.llnwd.net\settings.sol 92 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mw.50cubes.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mw.50cubes.com\settings.sol 84 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#petco.shoplocal.com 0 bytes
File C:\Users\Roniesha\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#petco.shoplocal.com\settings.sol 89 bytes

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Roniesha at 10:24:49 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2242 [GMT -7:00]
.
AV: Charter Security Suite 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Charter Security Suite 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Charter Security Suite 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\Charter Security Suite\Common\FSMA32.EXE
C:\windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Charter Security Suite\Common\FSHDLL32.EXE
C:\Program Files (x86)\Charter Security Suite\Common\FSHDLL64.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\SysWOW64\rpcnet.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Charter Security Suite\Common\FSM32.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Charter Security Suite\Spam Control\fsscoepl_x64.exe
C:\Program Files (x86)\Charter Security Suite\ORSP Client\fsorsp.exe
C:\Program Files (x86)\Charter Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Charter Security Suite\Anti-Virus\fssm32.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Charter Security Suite\Anti-Virus\fsav32.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Roniesha\Downloads\m4y1gvpp.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\MEDIAC~1.5F~\STREAM~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Charter Security Suite\NRS\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Charter Security Suite\NRS\iescript\baselitmus.dll
uRun: [Google Update] "C:\Users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Charter Security Suite\FSPS\program\FSLSP.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4EF48F28-E890-4FA3-958F-9D3CF4758812} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DDFA4058-A472-4BD4-9EBE-2ED56EEC7E17} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DDFA4058-A472-4BD4-9EBE-2ED56EEC7E17}\4596E69734865656471686D27657563747 : DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
TCP: Interfaces\{DDFA4058-A472-4BD4-9EBE-2ED56EEC7E17}\8353349303 : DhcpNameServer = 192.168.1.1 4.2.2.2
BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1.5F~\STREAM~1\ARCURL~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Charter Security Suite\NRS\iescript\baselitmus.dll
BHO-X64: LitmusBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Charter Security Suite\NRS\iescript\baselitmus.dll
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\Common\FSM32.EXE" /splash
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Roniesha\AppData\Roaming\Mozilla\Firefox\Profiles\cvtwdj5y.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Roniesha\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Roniesha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Roniesha\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2012-7-17 33408]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Charter Security Suite\HIPS\drivers\fshs.sys [2012-7-17 57920]
R1 FSES;F-Secure Email Scanning Driver;C:\windows\system32\drivers\fses.sys --> C:\windows\system32\drivers\fses.sys [?]
R1 FSFW;F-Secure Firewall Driver;C:\windows\system32\drivers\fsdfw.sys --> C:\windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys [2012-7-17 14904]
R1 pfmfs_463;pfmfs_463;C:\windows\system32\Drivers\pfmfs_463.sys --> C:\windows\system32\Drivers\pfmfs_463.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Charter Security Suite\Anti-Virus\fsgk32st.exe [2012-7-17 215648]
R2 HsfXAudioService;HsfXAudioService;C:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-4-21 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2011-4-21 126392]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-18 993848]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\windows\system32\DRIVERS\CAXHWAZL.sys --> C:\windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [2012-7-17 199848]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Charter Security Suite\ORSP Client\fsorsp.exe [2012-7-17 61088]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-4-21 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-3-31 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-8 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-8 135664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [2012-7-17 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [2012-7-17 25184]
.
=============== Created Last 30 ================
.
2012-07-18 15:24:57 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-07-18 15:24:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-18 04:30:53 -------- d-----w- C:\Users\Roniesha\AppData\Local\Macromedia
2012-07-18 04:29:08 -------- d-----w- C:\Users\Roniesha\AppData\Local\Programs
2012-07-18 04:21:37 476936 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-07-18 03:54:39 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-18 03:42:00 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{96FDFE11-9FF9-418D-9656-2EFC734FFA45}\mpengine.dll
2012-07-18 01:54:27 55960 ----a-w- C:\windows\System32\drivers\fsbts.sys
2012-07-18 01:51:47 33408 ----a-w- C:\windows\SysWow64\drivers\fsbts.sys
2012-07-18 01:48:09 45624 ----a-w- C:\windows\System32\drivers\fses.sys
2012-07-18 01:48:04 94280 ----a-w- C:\windows\System32\drivers\fsdfw.sys
2012-07-18 01:46:59 -------- d-----w- C:\Program Files (x86)\Charter Security Suite
2012-07-18 01:44:58 -------- d-----w- C:\ProgramData\fssg
2012-07-18 01:38:06 -------- d-----w- C:\ProgramData\f-secure
2012-06-22 19:22:11 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-22 19:21:57 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-22 19:21:43 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-22 19:21:43 186752 ----a-w- C:\windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-18 16:12:06 17920 ----a-w- C:\windows\SysWow64\rpcnetp.dll
2012-07-18 16:12:05 58288 ----a-w- C:\windows\SysWow64\rpcnet.dll
2012-07-18 16:11:55 17920 ----a-w- C:\windows\SysWow64\rpcnetp.exe
2012-07-18 16:11:55 17920 ----a-w- C:\windows\System32\rpcnetp.exe
2012-07-18 04:21:31 472840 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-07-18 04:17:47 955840 ----a-w- C:\windows\System32\npdeployJava1.dll
2012-07-18 04:17:47 839096 ----a-w- C:\windows\System32\deployJava1.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-22 07:25:56 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
.
============= FINISH: 10:27:14.37 ===============
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check the following options: Internet Services, Windows Firewall, System restore, Security Center/Action Center, Windows Update, and Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Farbar Service Scanner Version: 08-07-2012
Ran by Roniesha (administrator) on 18-07-2012 at 13:20:11
Running from "C:\Users\Roniesha\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
ComboFix 12-07-18.04 - Roniesha 07/18/2012 13:46:05.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2239 [GMT -7:00]
Running from: c:\users\Roniesha\Downloads\ComboFix.exe
AV: Charter Security Suite 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Charter Security Suite 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Charter Security Suite 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Roniesha\AppData\Roaming\.#
c:\windows\fspscprereqmsiinst.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 21:03 . 2012-07-18 21:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-18 21:03 . 2012-07-18 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 21:03 . 2012-07-18 21:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-18 19:26 . 2012-07-18 19:26 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96FDFE11-9FF9-418D-9656-2EFC734FFA45}\offreg.dll
2012-07-18 15:24 . 2012-07-18 15:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 15:24 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 04:30 . 2012-07-18 04:30 -------- d-----w- c:\users\Roniesha\AppData\Local\Macromedia
2012-07-18 04:29 . 2012-07-18 04:29 -------- d-----w- c:\users\Roniesha\AppData\Local\Programs
2012-07-18 04:21 . 2012-07-18 04:21 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-18 04:21 . 2012-07-18 04:21 -------- d-----w- c:\program files (x86)\Java
2012-07-18 04:18 . 2012-07-18 04:17 268720 ----a-w- c:\windows\system32\javaws.exe
2012-07-18 04:17 . 2012-07-18 04:17 189360 ----a-w- c:\windows\system32\javaw.exe
2012-07-18 04:17 . 2012-07-18 04:17 188840 ----a-w- c:\windows\system32\java.exe
2012-07-18 04:17 . 2012-07-18 04:17 -------- d-----w- c:\program files\Java
2012-07-18 03:54 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-18 03:42 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96FDFE11-9FF9-418D-9656-2EFC734FFA45}\mpengine.dll
2012-07-18 01:54 . 2012-07-18 01:54 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-07-18 01:51 . 2012-07-18 01:51 33408 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2012-07-18 01:48 . 2012-07-18 02:04 45624 ----a-w- c:\windows\system32\drivers\fses.sys
2012-07-18 01:48 . 2012-07-18 02:05 94280 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2012-07-18 01:46 . 2012-07-18 02:07 -------- d-----w- c:\program files (x86)\Charter Security Suite
2012-07-18 01:44 . 2012-07-18 01:45 -------- d-----w- c:\programdata\fssg
2012-07-18 01:38 . 2012-07-18 01:47 -------- d-----w- c:\programdata\f-secure
2012-07-03 01:15 . 2012-07-03 01:15 -------- d-----w- c:\users\Public\New folder
2012-06-22 19:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 19:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 19:22 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 19:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 19:21 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 19:21 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 19:21 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 19:21 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 19:21 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 18:47 . 2011-04-21 19:49 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-07-18 16:12 . 2011-04-21 19:49 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-07-18 16:12 . 2011-04-25 19:15 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-07-18 16:11 . 2011-04-21 19:49 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-07-18 04:21 . 2010-04-22 02:59 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-18 04:17 . 2012-02-23 09:58 955840 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-18 04:17 . 2012-02-23 09:58 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 03:52 . 2011-05-11 02:54 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-05-31 19:25 . 2011-04-25 19:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-20 20:37 . 2012-05-20 20:37 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-04 11:06 . 2012-06-16 21:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-16 21:53 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-16 21:53 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-16 21:53 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-16 21:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-16 21:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-16 21:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-16 21:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-16 21:53 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-16 21:53 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-16 21:53 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-16 21:53 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-16 21:53 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-16 21:53 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-22 07:25 . 2012-04-22 07:25 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2010-07-07 17:57 153064 ----a-w- c:\windows\SysWOW64\pfmshx_463.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-22 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"F-Secure Manager"="c:\program files (x86)\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files (x86)\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-18 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 135664]
R3 Normandy;Normandy SR2; [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1255736]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\Charter Security Suite\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\Charter Security Suite\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-07-18 55960]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-22 283200]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Charter Security Suite\HIPS\drivers\fshs.sys [2009-08-05 57920]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-07-18 45624]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-07-18 94280]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904]
S1 pfmfs_463;pfmfs_463;c:\windows\system32\Drivers\pfmfs_463.sys [2010-07-07 249704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-06-28 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [2012-07-18 199848]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Charter Security Suite\ORSP Client\fsorsp.exe [2012-07-18 61088]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-23 75304]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-03-31 835952]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 20:54]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 20:54]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240996578-1074617293-3798557580-1001Core.job
- c:\users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 07:06]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240996578-1074617293-3798557580-1001UA.job
- c:\users\Roniesha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 07:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2010-07-07 17:57 173544 ----a-w- c:\windows\System32\pfmshx_463.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-20 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-20 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Charter Security Suite\FSPS\program\FSLSP.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Roniesha\AppData\Roaming\Mozilla\Firefox\Profiles\cvtwdj5y.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-18 14:11:47
ComboFix-quarantined-files.txt 2012-07-18 21:11
.
Pre-Run: 160,698,601,472 bytes free
Post-Run: 160,624,488,448 bytes free
.
- - End Of File - - 649E8AC94A5D1A738D29548884C3DE97
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=56695484160dda4fad7f5bd6a4433d59
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-03 06:51:50
# local_time=2011-06-02 11:51:50 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 1061788 1061788 0 0
# compatibility_mode=5121 16777213 100 75 0 20072746 0 0
# compatibility_mode=5893 16776574 100 94 0 58623200 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=143468
# found=0
# cleaned=0
# scan_time=4181
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=56695484160dda4fad7f5bd6a4433d59
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-19 10:28:32
# local_time=2012-07-19 03:28:32 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 36710441 36710441 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 94271853 0 0
# compatibility_mode=8192 67108863 100 0 34728717 34728717 0 0
# scanned=365263
# found=0
# cleaned=0
# scan_time=8509
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
My computer doesn't seem to be running slower unless I am trying to look at something that may use Flash Player. The only error that I have been receiving is the one that the C:\Users\Roniesha\AppData\Roaming\Macromedia\FlashPlayer\macromedia.com\support\flashplayer\sys is corrupt and unreadable. Now it seems to be telling me this in some other language though. My computer was fine until I updated my Flash Player. No, there have been no system crashes or blue screens of death. How can I find out if svchost.exe is running at 100%? I can't find it under the process tab in Windows Task Manager. I am attaching a Word document of two print screens that show the error message I have been receiving.
 

Okay.

Any trouble saving files or installs?

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
No, I am not having any problems with saving files and no problems with installs.


RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Roniesha [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/23/2012 15:29:22

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 9 / Fail 0
Quick launch: Success 2 / Fail 0
Programs: Success 7 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 756 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 102 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\CdRom1 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
  1. Please download MGADiag and save it to your desktop.
  2. Double click the MGADiag icon on your desktop.
  3. Push Continue
  4. Push Copy
  5. Go to Start -> Run and type in "Notepad"
  6. Go to Edit -> Paste in notepad.
  7. x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  8. Copy and paste that log here.
How to capture an event log and upload it to the forum:
  • First, open Event Viewer by clicking Start -> Run -> type eventvwr.msc and press ENTER.
  • In the Event Viewer please right click the requested event log Application and click Save Log File As.
  • Please save the logfile to your desktop and give it a recognizable name.
  • Do this for each log that has been requested.
  • When you are finished saving the necessary logs, close Event Viewer.
  • On your desktop find the saved log files. Hold the CTRL key and click to select each event log.
  • When all event logs are selected, right-click one of them, click Send to -> Compressed Zip Folder.
  • A new .ZIP file will have been created on your desktop. Please attach that file to this forum in your next reply.
 
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****xxxxx-xxxxx-xxxxx
Windows Product Key Hash: Xs1iQgVeo0C+sObJxS7eu+FuBPQ=
Windows Product ID: 00359-OEM-8992687-00057
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {1CA7B96A-59B7-4704-9EE1-FC64F1F582E3}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120503-2030
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1CA7B96A-59B7-4704-9EE1-FC64F1F582E3}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-W8DQG</PKey><PID>00359-OEM-8992687-00057</PID><PIDType>2</PIDType><SID>S-1-5-21-240996578-1074617293-3798557580</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L655</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V1.00 </Version><SMBIOSVersion major="2" minor="5"/><Date>20100504000000.000000+000</Date></BIOS><HWID>EC6E3707018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSQCI</OEMID><OEMTableID>TOSQCI00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>107A24FEABFC738</Val><Hash>CUYTtwsJbn2TDyYKgSRnSaRPVcA=</Hash><Pid>81602-924-4228122-68173</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800057-02-1033-7600.0000-1112010
Installation ID: 005330065190816280201190420472155943266780878815028695
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: W8DQG
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 7/25/2012 11:50:18 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:21:2012 10:14
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAIAAQABAAIAAAABAAAAAgABAAEA6GE41JoOdxZKQ6jkzqZMtOqI2PdEmEbK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP T0SQCI TOSQCI00
HPET TOSQCI TOSQCI00
BOOT PTLTD $SBFTBL$
MCFG TOSQCI TOSQCI00
SLIC TOSQCI TOSQCI00
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
 
I am having a bit of trouble. I was trying to do the event logs and I am a little bit confused, because I am not sure if you want me to right click on application and logs or on windows logs, where there is application as well. Also, when I right click, "Save Log File As" is not an option. I am not sure what I am doing; hopefully you can help me.
 