Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

installation trouble, possible virus


  • This topic is locked This topic is locked
34 replies to this topic

#1 ald111

ald111

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 02 October 2012 - 12:54 PM

I am trying to install sql 2012. When I click it it extracts then disappears. If I right click and click run as administrator it extracts, a cmd prompt appears for a split second, then everything disappears. I have changed my UAC to never to stop the "needs elevation" problem. I have discovered when I click restore, or troubleshoot, or review your computers status or add/remove user and a few others either nothing happens or it says "windows cannot find '......\pageAdminTasks' make sure you typed the name correctly, then try again" or "...pagePickMyPicture" etc. same problem with credentials, nothing appears for parental control.
Any suggestions?

BC AdBot (Login to Remove)

 


#2 ald111

ald111
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 02 October 2012 - 01:01 PM

also if I click restore from advanced boot settings/repair your computer it says there are no restore points when I know I have made several and used them within the past few months.

running Windows 7

#3 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:49 PM

Posted 04 October 2012 - 01:22 PM

Hello ald111 and welcome to Bleepingcomputer forums.

Please confirm for me that you are logged in with an account that has administrator rights.


Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#4 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:49 PM

Posted 06 October 2012 - 11:41 AM

Please advise me if you are still with us? or if you have resolved your issue ?

Be advised I close my threads after 4 days without a reply.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#5 ald111

ald111
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 06 October 2012 - 01:35 PM

I did fix this problem. The registry was corrupt from the sp1 update uninstalling.

However I am working with another windows 7 laptop and cannot figure out how to fix it. I will try to run what you listed on it and post the results today.
Thank you

#6 ald111

ald111
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 06 October 2012 - 01:47 PM

log.txt



Logfile of random's system information tool 1.09 (written by random/random)
Run by Mr.Cherry at 2012-10-06 14:43:19
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 425 GB (92%) free of 463 GB
Total RAM: 3894 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:43:26 PM, on 10/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Users\Mr.Cherry\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Mr.Cherry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=2012043069E74D599A00F3418C0EAE3A&tbp=homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Blekko search bar - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Blekko search bar - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
O3 - Toolbar: ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe"
O4 - HKCU\..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: TM Engine (UmxEngine) - CA - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16321 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Mr.Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\5byumeof.default

prefs.js - "browser.startup.homepage" - "http://www.youtube.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
search.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Mr.Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\5byumeof.default\extensions\
crossriderapp2258@crossrider.com
fdm_ffext@freedownloadmanager.org
toolbar@ask.com
{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}]
I Want This - C:\Program Files (x86)\I Want This\I Want This.dll [2012-03-28 494424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}]
PlusIEEventHelper Class - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]
Blekko search bar - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll [2012-03-14 85288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-03-18 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2011-12-28 230400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
ooVoo toolbar, powered by Ask.com - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-05-04 1519272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-03 529784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - Blekko search bar - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll [2012-03-14 85288]
{D4027C7F-154A-4066-A1AD-4243D8127440} - ooVoo toolbar, powered by Ask.com - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-05-04 1519272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ToshibaAppPlace"=C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [2010-09-23 552960]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [2010-08-17 3218792]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
""= []
"Memeo Instant Backup"=C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [2010-04-22 136416]
"Memeo AutoSync"=C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [2010-04-16 144608]
"Memeo Send"=C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe [2009-11-04 236816]
"Seagate Dashboard"=C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [2010-04-30 79112]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280]
"IndexSearch"=C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [2010-03-09 46368]
"PaperPort PTD"=C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [2010-03-09 29984]
"PPort12reminder"=C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [2010-02-09 328992]
"PDFHook"=C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [2010-03-05 636192]
"PDF5 Registry Controller"=C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [2010-03-05 62752]
"ControlCenter4"=C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [2011-03-03 139264]
"BrStsMon00"=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2010-12-23 2629632]
"Anti-phishing Domain Advisor"=C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [2011-07-29 217256]
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-05-04 1561768]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-09-09 421776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2009-05-05 222496]
"Free Download Manager"=C:\Program Files (x86)\Free Download Manager\fdm.exe [2011-12-28 6148096]
"PC Speed Maximizer"=C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe []
"SPMTray"=C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Users\Mr.Cherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\windows\system32\UmxWnp.Dll [2011-02-24 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-06 14:43:19 ----D---- C:\rsit
2012-10-06 14:43:19 ----D---- C:\Program Files (x86)\trend micro
2012-10-06 14:38:49 ----D---- C:\windows\ERDNT
2012-10-06 14:38:23 ----D---- C:\Program Files (x86)\ERUNT
2012-09-22 21:45:19 ----A---- C:\windows\SysWOW64\wininet.dll
2012-09-22 21:45:19 ----A---- C:\windows\SysWOW64\urlmon.dll
2012-09-22 21:45:19 ----A---- C:\windows\SysWOW64\url.dll
2012-09-22 21:45:19 ----A---- C:\windows\SysWOW64\jsproxy.dll
2012-09-22 21:45:19 ----A---- C:\windows\SysWOW64\ieui.dll
2012-09-22 21:45:19 ----A---- C:\windows\SysWOW64\iertutil.dll
2012-09-22 21:45:19 ----A---- C:\windows\SysWOW64\ieframe.dll
2012-09-22 21:45:18 ----A---- C:\windows\SysWOW64\mshtmled.dll
2012-09-22 21:45:18 ----A---- C:\windows\SysWOW64\mshtml.dll
2012-09-22 21:45:18 ----A---- C:\windows\SysWOW64\msfeeds.dll
2012-09-14 15:20:25 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 15:20:25 ----D---- C:\Program Files (x86)\iTunes
2012-09-11 23:34:44 ----A---- C:\windows\SysWOW64\d3d10level9.dll
2012-09-10 03:34:45 ----D---- C:\ProgramData\McAfee Security Scan
2012-09-10 03:34:40 ----D---- C:\ProgramData\McAfee
2012-09-10 03:34:39 ----D---- C:\Program Files (x86)\McAfee Security Scan

======List of files/folders modified in the last 1 month======

2012-10-06 14:43:22 ----D---- C:\windows\Temp
2012-10-06 14:43:19 ----D---- C:\Users\Mr.Cherry\AppData\Roaming\Free Download Manager
2012-10-06 14:43:19 ----D---- C:\Program Files (x86)
2012-10-06 14:38:49 ----AD---- C:\Windows
2012-10-05 17:22:28 ----D---- C:\windows\System32
2012-10-05 17:22:28 ----D---- C:\windows\inf
2012-10-05 17:22:20 ----SHD---- C:\System Volume Information
2012-10-03 23:06:04 ----D---- C:\ProgramData\Anti-phishing Domain Advisor
2012-10-03 23:05:32 ----A---- C:\windows\SysWOW64\log.txt
2012-10-02 02:00:14 ----D---- C:\windows\Prefetch
2012-09-30 01:14:56 ----D---- C:\windows\rescache
2012-09-27 22:16:15 ----D---- C:\windows\winsxs
2012-09-23 19:55:30 ----D---- C:\windows\SysWOW64\migration
2012-09-23 19:55:30 ----D---- C:\windows\SysWOW64
2012-09-23 19:55:30 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-14 22:36:12 ----HD---- C:\Config.msi
2012-09-14 15:21:33 ----SHD---- C:\windows\Installer
2012-09-14 15:20:26 ----RD---- C:\Program Files
2012-09-14 15:20:25 ----HD---- C:\ProgramData
2012-09-14 15:20:25 ----D---- C:\Program Files (x86)\Common Files\Apple
2012-09-12 19:58:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-12 19:04:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-09-10 03:34:35 ----A---- C:\windows\SysWOW64\FlashPlayerApp.exe
2012-09-10 03:34:06 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys []
R0 KmxAMRT;KmxAMRT; C:\windows\system32\DRIVERS\KmxAMRT.sys []
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys []
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS []
R1 KmxAgent;KmxAgent; C:\windows\System32\DRIVERS\kmxagent.sys []
R1 KmxCfg;KmxCfg; C:\windows\System32\DRIVERS\kmxcfg.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys []
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys []
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HECIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys []
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys []
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys []
R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys []
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys []
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys []
R3 QIOMem;Generic IO & Memory Access; C:\windows\system32\DRIVERS\QIOMem.sys []
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\windows\system32\DRIVERS\rtl8192Ce.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys []
S3 BrSerIb;Brother Serial Interface Driver(WDM); C:\windows\system32\DRIVERS\BrSerIb.sys []
S3 BrUsbSIb;Brother Serial USB Driver(WDM); C:\windows\system32\DRIVERS\BrUsbSIb.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys []
S3 SrvHsfHDA;SrvHsfHDA; C:\windows\system32\DRIVERS\VSTAZL6.SYS []
S3 SrvHsfV92;SrvHsfV92; C:\windows\system32\DRIVERS\VSTDPV6.SYS []
S3 SrvHsfWinac;SrvHsfWinac; C:\windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys []
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys []
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CAAMSvc;CAAMSvc; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-10-18 291656]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2011-09-18 312656]
R2 ccSchedulerSVC;CA Common Scheduler Service; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2012-03-04 287280]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-18 268824]
R2 MemeoBackgroundService;MemeoBackgroundService; C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-22 25824]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-07-17 131512]
R2 PCCUJobMgr;Common Client Job Manager Service; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [2009-08-24 126392]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
R2 SeagateDashboardService;Seagate Dashboard Service; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-09-28 489384]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-02-25 252928]
R2 UmxEngine;TM Engine; C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2012-03-04 358448]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 936848]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 250568]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-12 114144]
S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

info.txt


info.txt logfile of random's system information tool 1.09 2012-10-06 14:43:31

======Uninstall list======

-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe"
-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\Uninstall.exe"
3D Pinball-->MsiExec.exe /I{C342E30B-52F9-4657-96B6-32E399B9DEB2}
Adobe Flash Player 11 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe -maintain plugin
Adobe Reader 9.3.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Anti-phishing Domain Advisor-->C:\ProgramData\Anti-phishing Domain Advisor\uninstall.exe
Apple Application Support-->MsiExec.exe /I{63EC2120-1742-4625-AA47-C6A8AEC9C64C}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
Blekko search bar-->C:\Program Files (x86)\blekkotb_soc\uninstall.exe
Brother MFL-Pro Suite MFC-J825DW-->"C:\Program Files (x86)\InstallShield Installation Information\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}\Setup.exe" -runfromtemp -l0x0009 UNINSTALL Reg=BHmini11 -removeonly
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Download Updater (AOL LLC)-->C:\Program Files (x86)\Common Files\Software Update Utility\uninstall.exe
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
Free Download Manager 3.8-->"C:\Program Files (x86)\Free Download Manager\unins000.exe"
HP Deskjet 1000 J110 series Help-->MsiExec.exe /I{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}
HP Photo Creations-->C:\Program Files (x86)\HP Photo Creations\uninst.exe
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
I Want This-->C:\Program Files (x86)\I Want This\Uninstall.exe
Intel® Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF}
McAfee Security Scan Plus-->"C:\Program Files (x86)\McAfee Security Scan\uninstall.exe"
Memeo AutoSync-->C:\Program Files (x86)\Memeo\AutoSync\uninstall.exe
Memeo Instant Backup-->C:\Program Files (x86)\Memeo\AutoBackup\uninstall.exe
Memeo Send-->C:\Program Files (x86)\Memeo\Memeo Send\uninstall.exe
Memeo Share-->C:\Program Files (x86)\Memeo\Memeo Share\uninstall.exe
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox 15.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP3 Parser (KB2721691)-->MsiExec.exe /I{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Norton PC Checkup-->"C:\ProgramData\Norton\PC Checkup\unins000.exe"
Nuance PaperPort 12-->MsiExec.exe /I{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}
Nuance PDF Viewer Plus-->MsiExec.exe /X{28656860-4728-433C-8AD4-D1A930437BC8}
ooVoo-->MsiExec.exe /X{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}
PC Speed Maximizer v3.0-->"C:\Program Files (x86)\PC Speed Maximizer\unins000.exe"
PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}
QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0}
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -removeonly
Realtek WLAN Driver-->MsiExec.exe /X{0FB630AB-7BD8-40AE-B223-60397D57C3C9}
Safari-->MsiExec.exe /I{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}
Seagate Dashboard-->C:\Program Files (x86)\Seagate\Seagate Dashboard\uninstall.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Skype Launcher-->C:\Program Files (x86)\InstallShield Installation Information\{DA84ECBF-4B79-47F2-B34C-95C38484C058}\setup.exe -runfromtemp -l0x0009 -removeonly
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.3-->MsiExec.exe /X{5335DADB-34BA-4AE8-A519-648D78498846}
Toshiba App Place-->MsiExec.exe /I{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}
TOSHIBA Application Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly
TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe -runfromtemp -l0x0009 -removeonly
Toshiba Book Place-->MsiExec.exe /I{39187A4B-7538-4BE7-8BAD-9E83303793AA}
TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{C14518AF-1A0F-4D39-8011-69BAA01CD380}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA eco Utility-->C:\Program Files (x86)\InstallShield Installation Information\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}\setup.exe -runfromtemp -l0x0409
TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} /l1033
TOSHIBA HDD/SSD Alert-->C:\Program Files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409
Toshiba Laptop Checkup-->C:\Program Files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.5.60\InstStub.exe /X
TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}
TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}\setup.exe -runfromtemp -l0x0009 -removeonly
Toshiba Online Backup-->MsiExec.exe /X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
TOSHIBA Quality Application-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly
TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{A0E99122-25C1-4CA4-9063-499A2A814EB6}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CBD6B23D-41D5-4A46-8019-6208516C9712} /l1033
TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe
TOSHIBA Web Camera Application-->C:\Program Files (x86)\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe -runfromtemp -l0x0009 -removeonly
ToshibaRegistration-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

======System event log======

Computer Name: MrCherry-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 83656
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20120530195149.501294-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MrCherry-PC
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\DR2 during a paging operation.
Record Number: 83539
Source Name: Disk
Time Written: 20120529001627.819474-000
Event Type: Warning
User:

Computer Name: MrCherry-PC
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\DR2 during a paging operation.
Record Number: 83538
Source Name: Disk
Time Written: 20120529001627.819474-000
Event Type: Warning
User:

Computer Name: MrCherry-PC
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\DR2 during a paging operation.
Record Number: 83537
Source Name: Disk
Time Written: 20120529001627.819474-000
Event Type: Warning
User:

Computer Name: MrCherry-PC
Event Code: 225
Message: The application System with process id 4 stopped the removal or ejection for the device USB\VID_0480&PID_A004\2010050506C0.
Record Number: 83535
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20120529001627.772674-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: MrCherry-PC
Event Code: 1002
Message: C4PRG BrtC4PRG: [2012/04/10 19:48:42.175]: [00005000]: RegOpenKeyEx failed

Record Number: 71600
Source Name: Brother BrLog
Time Written: 20120410234842.000000-000
Event Type: Warning
User:

Computer Name: MrCherry-PC
Event Code: 1002
Message: C4PRG BrtC4PRG: [2012/04/10 19:48:42.175]: [00005000]: RegOpenKeyEx failed

Record Number: 71599
Source Name: Brother BrLog
Time Written: 20120410234842.000000-000
Event Type: Warning
User:

Computer Name: MrCherry-PC
Event Code: 1002
Message: C4PRG BrtC4PRG: [2012/04/10 19:48:42.175]: [00005000]: RegOpenKeyEx failed

Record Number: 71598
Source Name: Brother BrLog
Time Written: 20120410234842.000000-000
Event Type: Warning
User:

Computer Name: MrCherry-PC
Event Code: 1002
Message: C4PRG BrtC4PRG: [2012/04/10 19:48:37.650]: [00005000]: RegOpenKeyEx failed

Record Number: 71597
Source Name: Brother BrLog
Time Written: 20120410234837.000000-000
Event Type: Warning
User:

Computer Name: MrCherry-PC
Event Code: 0
Message:
Record Number: 71596
Source Name: Toshiba App Place
Time Written: 20120410234823.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: MrCherry-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MRCHERRY-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x234
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 8914
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110823234552.394829-000
Event Type: Audit Success
User:

Computer Name: MrCherry-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-20
Account Name: NETWORK SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e4

Privileges: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 8913
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110823234552.363629-000
Event Type: Audit Success
User:

Computer Name: MrCherry-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MRCHERRY-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-20
Account Name: NETWORK SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e4
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x234
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 8912
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110823234552.363629-000
Event Type: Audit Success
User:

Computer Name: MrCherry-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 8911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110823234552.129629-000
Event Type: Audit Success
User:

Computer Name: MrCherry-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MRCHERRY-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x234
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 8910
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110823234552.129629-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=2505
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#7 ald111

ald111
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 06 October 2012 - 01:53 PM

checkup.txt


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Total Defense Anti-Virus Plus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 17
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
CA CA Internet Security Suite CA Anti-Virus Plus caamsvc.exe
CA CA Internet Security Suite CA Anti-Virus Plus isafe.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

#8 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:49 PM

Posted 07 October 2012 - 12:51 PM

Hello ald111,

Let's stick with this last pc and do not mix in any other computer. This is a Toshiba ? yes/no ?
You should have advised me what the main issue is !! ? !
Tell me if this is your system or someone else's system.

Go to Control Panel >> Programs and Features and Uninstall the following
Java 6 Update 17 runtime
Adobe Reader
Blekko search bar
ASK toolbar



Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for member ald111 only. If you are a casual viewer, do NOT try this on your system!
If you are not ald111 and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system


Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. [/b]



Start Notepad and copy/paste the text in the quotebox below into it:

DDS::
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=2012043069E74D599A00F3418C0EAE3A&tbp=homepage
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
O2 - BHO: Blekko search bar - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Blekko search bar - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
O3 - Toolbar: ooVoo toolbar, powered by Ask.com - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"


Save this as CFScript.txt, in the same location as ComboFix.exe on your Desktop.


Posted Image


Refering to the picture above, drag CFScript and drop onto ComboFix.exe (red lion icon)

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Do a Copy & Paste into next reply.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 ald111

ald111
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 13 October 2012 - 07:58 PM

This is a Toshiba and it is a family member's laptop.

After disabling the antivirus combofix says it is not disabled but runs anyway, the first time it failed. I tried again and it produced a txt file.

It runs very slow a lot, does not allow a restore (nothing opens when restore in control panel is clicked), if firefox is open and anything else is clicked it runs so slow it appears to freeze, it has said windows file does not exist and crashed applications then the application will run fine other times.




ComboFix 12-10-13.04 - Mr.Cherry 10/13/2012 20:22:05.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2506 [GMT -4:00]
Running from: c:\users\Mr.Cherry\Desktop\ComboFix.exe
AV: Total Defense Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: Total Defense Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\I Want This
c:\program files (x86)\I Want This\I Want This.dll
c:\program files (x86)\I Want This\I Want This.exe
c:\program files (x86)\I Want This\I Want This.ico
c:\program files (x86)\I Want This\I Want This.ini
c:\program files (x86)\I Want This\I Want ThisGui.exe
c:\program files (x86)\I Want This\I Want ThisInstaller.log
c:\program files (x86)\I Want This\Uninstall.exe
c:\users\Mr.Cherry\AppData\Local\dfl20z32.dll
c:\users\Mr.Cherry\AppData\Local\I Want This
c:\users\Mr.Cherry\AppData\Local\I Want This\Chrome\I Want This.crx
c:\users\Mr.Cherry\AppData\Local\wsr20zt32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-14 00:41 . 2012-10-14 00:41 -------- d-----w- c:\users\MRC396~1~CHE\AppData\Local\temp
2012-10-14 00:41 . 2012-10-14 00:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-14 00:22 . 2012-10-14 00:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85F564D6-65D6-48E8-80A8-23E61CC94210}\offreg.dll
2012-10-13 23:58 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85F564D6-65D6-48E8-80A8-23E61CC94210}\mpengine.dll
2012-10-11 00:39 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 00:39 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-11 00:39 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 00:39 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-11 00:38 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 00:38 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-11 00:38 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-11 00:38 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-11 00:38 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 00:38 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-11 00:37 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 00:37 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 00:37 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 00:37 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-11 00:37 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-11 00:37 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-06 18:43 . 2012-10-06 18:43 -------- d-----w- C:\rsit
2012-10-06 18:43 . 2012-10-06 18:43 -------- d-----w- c:\program files (x86)\trend micro
2012-10-06 18:38 . 2012-10-06 18:38 -------- d-----w- c:\program files (x86)\ERUNT
2012-09-26 17:22 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-14 19:21 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-14 19:20 . 2012-09-14 19:20 -------- d-----w- c:\program files\iPod
2012-09-14 19:20 . 2012-09-14 19:21 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 19:20 . 2012-09-14 19:21 -------- d-----w- c:\program files\iTunes
2012-09-14 19:20 . 2012-09-14 19:21 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 18:31 . 2011-06-18 09:25 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 01:11 . 2012-08-09 23:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 01:11 . 2012-08-09 23:43 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-22 18:12 . 2012-09-12 03:34 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 03:34 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 03:34 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 03:34 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 17:01 . 2011-04-17 17:29 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2011-04-17 17:29 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-11 00:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 03:34 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 03:34 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15 . 2012-08-16 07:07 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2011-12-28 6148096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-03-04 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Mr.Cherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 18:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-12 114144]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-19 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [2011-10-27 182352]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2011-10-26 113744]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2011-09-07 365136]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-10-18 291656]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2012-03-04 287280]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-07-18 131512]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [2009-08-24 126392]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-22 287232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-23 75304]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-02-12 877088]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 01:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2012-03-04 2698800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=2012043069E74D599A00F3418C0EAE3A&tbp=homepage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mr.Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\5byumeof.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110011221158} - c:\program files (x86)\I Want This\I Want This.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PC Speed Maximizer - c:\program files (x86)\PC Speed Maximizer\SPMStarter.exe
Wow6432Node-HKCU-Run-SPMTray - c:\program files (x86)\PC Speed Maximizer\SPMTray.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-I Want This - c:\program files (x86)\I Want This\Uninstall.exe
AddRemove-KangoBoxSA - c:\users\Mr.Cherry\AppData\Local\KangoBoxSA\bin\1.0.3.0\KangoBoxUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.5.60\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-13 20:48:12
ComboFix-quarantined-files.txt 2012-10-14 00:48
.
Pre-Run: 445,608,292,352 bytes free
Post-Run: 446,740,758,528 bytes free
.
- - End Of File - - 4D7C1575FDBB4ED4B6308BEE78820122

#10 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:49 PM

Posted 14 October 2012 - 11:45 AM

I would ask that you make timely responses: I close my topics if I do not hear back within 4 days.


Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.
Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 2

Download and Save McAfee Stinger to your Desktop
http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click Posted Image and select Run as Administrator.
On XP, double-click to start it.

The GUI interface will look like this
Posted Image

The C drive is the default for scanning.
Press the Preferences button. In the top right-block "On virus detection", click Rename
In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.
When done, use the File menu and select Save report to file
Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.
It is not intended as virus protection.

Step 3

Download Dr.Web CureIt to the desktop.
  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow Posted Image at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#11 ald111

ald111
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 14 October 2012 - 01:12 PM

if i try to save the file for step one in the firefox default it saves but i can't do anything with it nothing happens if i try to even run it from there. If I use firefox to save it says it cannot save due to unknown error. If i use IE it says it saved but is not where I saved it.

#12 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:49 PM

Posted 14 October 2012 - 07:42 PM

Press the Windows-key and in the search box, type in the name (at least the 1st parts) of the utility, and it should show up.

Do this in Internet Explorer to reset to IE defaults: Using IE (only!) go to http://support.microsoft.com/kb/923737
[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],
run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#13 ald111

ald111
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:49 PM

Posted 14 October 2012 - 09:45 PM

The search does not find the file. I reset the IE settings using the directions in the post and tried the download again. It still did not appear. I searched again and still can not find it. When downloading it says adwcleaner.exe so I tried searching for adwcleaner, adw, and clean. It still found nothing. I can try using a different com and transferring the file later this week.

#14 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:49 PM

Posted 15 October 2012 - 09:34 AM

In Internet Explorer, select Tools >> Internet Options >> click on ADVANCED tab
Under the block titled "Browsing"
Look for the line Notify when downloads complete and make sure it has a checkmark.
Click Apply button as needed & OK button.

ALSO, see this MS article if still having IE issues
http://windows.microsoft.com/en-us/windows7/Reset-Internet-Explorer-settings

Lastly, in case you do not see IE downloads where you think you did specify save location & cannot find them....
then.... Use Windows Explorer and look at your downloads folder
C:\users\<your-login-account-name>\downloads
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#15 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:49 PM

Posted 19 October 2012 - 11:07 AM

It has been 4 days since my last reply. Have you resolved your issue?
If I do not hear back from you in the next day or two, I will Close this thread.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users