Jump to content

madmatt7

Honorary Members
 View Profile  See their activity

  • Posts

    59

  • Joined

  • Last visited

 Content Type 

Everything posted by madmatt7

  1. madmatt7
    Also I do not have my recovery disk/usb etc. I am unsure where it is. I don't remember the last major download/update. I think it was before thanksgiving.
  2. madmatt7
    Here's the attachments from DDS. I can't use the task manager because it freezes up...and the windows button (Start) does not work. Thanks for your help. DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2 Run by Olivia at 17:14:45 on 2012-11-28 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.5176 [GMT -5:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\Explorer.EXE C:\windows\system32\ctfmon.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\splwow64.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://msn.com/ uProxyOverride = <local>;*.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [Cookienator] "C:\Program Files (x86)\Cookienator\cookienator.exe" /auto uRun: [spotify] "C:\Users\Olivia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [spotify Web Helper] "C:\Users\Olivia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab TCP: NameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B} : DHCPNameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\34F6E6E6563647232455 : DHCPNameServer = 128.226.1.11 128.226.1.18 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\358656271647F6E6 : DHCPNameServer = 10.71.0.100 TCP: Interfaces\{C3F6C8CD-7303-4175-87A4-1623859B7F5B}\C6164796E616 : DHCPNameServer = 192.168.2.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll SSODL: WebCheck - <orphaned> x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll x64-Notify: igfxcui - igfxdev.dll Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ============= SERVICES / DRIVERS =============== . R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912] R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-10-19 1109096] S1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-11-14 984144] S1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-11-14 370288] S2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-11-14 25232] S2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-11-14 71600] S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-14 44808] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 399432] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 676936] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-10-19 123320] S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-10-19 126392] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-19 2656280] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-8-25 57280] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872] S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2012-10-2 45176] S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-9-12 25928] S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-10-19 38096] S3 rak;rak;C:\Game\SoftnyxGame\RakionIS\Bin\avital\rakion64.sys [2012-11-20 81880] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-19 250984] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-19 307304] S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-9-19 152640] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-19 57216] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152] S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-27 1255736] . =============== Created Last 30 ================ . 2012-11-28 02:29:47 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5CB7AAE-1911-4B25-BDDB-D3BE1DE46917}\mpengine.dll 2012-11-24 21:53:28 -------- d-----w- C:\Program Files (x86)\PC Checkup 2012-11-24 21:53:26 -------- d-----w- C:\Users\Olivia\AppData\Local\Programs 2012-11-24 11:46:06 -------- d-----w- C:\Users\Olivia\AppData\Roaming\PCCUStubInstaller 2012-11-20 06:11:59 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-11-15 08:09:02 9728 ----a-w- C:\windows\System32\Wdfres.dll 2012-11-15 08:09:02 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys 2012-11-15 08:09:02 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys 2012-11-15 08:09:02 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-15 08:00:31 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys 2012-11-15 08:00:31 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys 2012-11-15 08:00:30 84992 ----a-w- C:\windows\System32\WUDFSvc.dll 2012-11-15 08:00:30 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll 2012-11-15 08:00:29 744448 ----a-w- C:\windows\System32\WUDFx.dll 2012-11-15 08:00:29 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll 2012-11-15 08:00:29 229888 ----a-w- C:\windows\System32\WUDFHost.exe 2012-11-15 06:35:44 95744 ----a-w- C:\windows\System32\synceng.dll 2012-11-15 06:35:44 78336 ----a-w- C:\windows\SysWow64\synceng.dll 2012-11-14 14:58:56 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys 2012-11-14 14:58:53 984144 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2012-11-14 14:58:53 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2012-11-14 14:58:39 41224 ----a-w- C:\windows\avastSS.scr 2012-11-10 03:06:35 -------- d-----w- C:\windows\SysWow64\Adobe 2012-11-09 14:25:03 -------- d-----w- C:\Users\Olivia\AppData\Local\Spotify 2012-11-09 14:24:41 -------- d-----w- C:\Users\Olivia\AppData\Roaming\Spotify 2012-11-07 04:47:30 -------- d-----w- C:\Users\Olivia\jagexcache1 2012-11-02 23:14:19 -------- d-----w- C:\ProgramData\Panda Security 2012-11-02 23:14:16 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine 2012-11-02 23:09:39 -------- d-----w- C:\Program Files (x86)\Cookienator 2012-11-02 21:30:02 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-02 21:21:23 -------- d-sh--w- C:\$RECYCLE.BIN 2012-11-01 17:43:52 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-30 13:22:52 73728 ----a-r- C:\Users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-10-30 13:22:52 73728 ----a-r- C:\Users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-10-30 13:22:52 73728 ----a-r- C:\Users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-10-30 13:22:49 -------- d-----w- C:\Program Files (x86)\Sophos . ==================== Find3M ==================== . 2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys 2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-10-08 06:26:27 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2012-10-08 06:26:27 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys 2012-09-29 23:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys . ============= FINISH: 17:15:35.03 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/30/2011 10:17:17 PM System Uptime: 11/28/2012 5:08:13 PM (0 hours ago) . Motherboard: Intel Corp. | | Base Board Product Name Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 2394/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 683 GiB total, 624.515 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: avast! Network Shield Support Device ID: ROOT\LEGACY_ASWTDI\0000 Manufacturer: Name: avast! Network Shield Support PNP Device ID: ROOT\LEGACY_ASWTDI\0000 Service: aswTdi . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: USB Video Device Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000 Manufacturer: Microsoft Name: TOSHIBA Web Camera - MP PNP Device ID: USB\VID_04F2&PID_B289&MI_00\7&382C55A1&0&0000 Service: usbvideo . ==== System Restore Points =================== . RP155: 11/15/2012 1:29:37 AM - Windows Update RP156: 11/15/2012 3:00:14 AM - Windows Update RP157: 11/17/2012 7:21:14 PM - Installed RuneScape Launcher 1.2.2 RP158: 11/20/2012 3:53:29 AM - Windows Update RP159: 11/23/2012 9:11:50 AM - Windows Update . ==== Hosts File Hijack ====================== . Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com Hosts: 127.0.0.1 ads.bleepingcomputer.com Hosts: 127.0.0.1 wdcs.trendmicro.com . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader XI Adobe Shockwave Player 11.6 Apple Mobile Device Support Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver avast! Free Antivirus Bonjour Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Conexant HD Audio Cookienator D3DX10 Epson Connect Epson Customer Participation Epson Event Manager EPSON NX230 Series Printer Uninstall EpsonNet Print Google Chrome Google Toolbar for Internet Explorer Google Update Helper Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Java 7 Update 9 Java Auto Updater Junk Mail filter update Label@Once 1.0 League of Legends Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Mouse and Keyboard Center Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Netwaiting Panda USB Vaccine 1.0.1.4 Pando Media Booster Photo Common Photo Gallery PlayReady PC Runtime amd64 PlayReady PC Runtime x86 QuickTime Rakion International Realtek USB 2.0 Reader Driver Realtek WLAN Driver RuneScape Launcher 1.2.2 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Sophos Virus Removal Tool Spotify swMSM Synaptics Pointing Device Driver Toshiba App Place TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in Toshiba Online Backup TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBA Wireless LAN Indicator TOSHIBARegistration Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Warcraft III Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WOT for Internet Explorer . ==== Event Viewer Messages From Past Week ======== . 11/28/2012 9:01:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the EpsonCustomerParticipation service to connect. 11/28/2012 9:01:46 AM, Error: Service Control Manager [7000] - The EpsonCustomerParticipation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 5:11:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 11/28/2012 5:09:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/28/2012 5:09:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/28/2012 5:09:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/28/2012 5:09:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/28/2012 5:09:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6 11/28/2012 5:09:05 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. 11/28/2012 5:06:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 11/28/2012 5:06:52 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:55:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TPCH Service service to connect. 11/28/2012 1:55:09 AM, Error: Service Control Manager [7000] - The TPCH Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:54:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service. 11/28/2012 1:54:06 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:53:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect. 11/28/2012 1:53:00 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:51:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 11/28/2012 1:50:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. 11/28/2012 1:29:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 11/28/2012 1:29:16 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:28:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. 11/28/2012 1:28:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect. 11/28/2012 1:26:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TPCHSrv with arguments "" in order to run the server: {45CC1698-D1CF-417B-BC32-80EB79E05EF1} 11/28/2012 1:25:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service. 11/28/2012 1:25:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TOSHIBA HDD SSD Alert Service with arguments "" in order to run the server: {A1CC28EB-258A-4B67-BBC2-4DD5D8AF4C8F} 11/28/2012 1:25:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA HDD SSD Alert Service service to connect. 11/28/2012 1:25:02 AM, Error: Service Control Manager [7000] - The TOSHIBA HDD SSD Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2012 1:12:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. 11/28/2012 1:10:21 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting. 11/28/2012 1:08:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 11/28/2012 1:00:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 11/27/2012 9:00:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:59:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/27/2012 8:58:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 11/27/2012 8:58:22 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:29:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect. 11/27/2012 6:29:24 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:28:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 11/27/2012 6:26:25 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting. 11/27/2012 6:23:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. 11/27/2012 6:23:27 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:22:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Toshiba Laptop Checkup Application Launcher service to connect. 11/27/2012 6:22:15 PM, Error: Service Control Manager [7000] - The Toshiba Laptop Checkup Application Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 6:18:27 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 11/27/2012 6:10:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 11/27/2012 6:10:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect. 11/27/2012 6:10:01 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 5:58:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/27/2012 5:37:23 PM, Error: Microsoft-Windows-CorruptedFileRecovery-Server [10] - The system file C:\Windows\System32\cryptnet.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147943517). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary. 11/27/2012 5:26:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 11/27/2012 5:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 11/27/2012 5:23:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 11/27/2012 5:23:24 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/27/2012 1:38:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect. 11/27/2012 1:38:40 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/26/2012 12:48:21 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Olivia-PC\Olivia SID (S-1-5-21-847268353-2912776164-1514832063-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================
  3. madmatt7
    So I was on my laptop today...and it was working fine. Then when I turned it back on later in the day it booted up normally, however, after entering my password and logging in it runs really slow. I cannot open anything, even start doesn't work. Several times something came up saying Windows 7 could not run or start up...with the option to end process. I have no idea what can be wrong. I have tried to go back to an old restore point but the problem persists. I can only use my laptop on safe mode safe mode with networking/safe mode and cmd prompt. If anyone can help I will be very grateful. Thanks, Matt
  4. madmatt7

    MrC thank you so much! My computer already seems to be running smoother! No more crashes! thank you again.

  5. madmatt7
    Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 25 Java 7 Update 7 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  6. madmatt7
    # AdwCleaner v2.006 - Logfile created 11/02/2012 at 17:02:12 # Updated 30/10/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Olivia - OLIVIA-PC # Boot Mode : Normal # Running from : C:\Users\Olivia\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Olivia\AppData\Local\Conduit Folder Deleted : C:\Users\Olivia\AppData\LocalLow\Conduit ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3237160 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Software ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1718 octets] - [02/11/2012 16:47:56] AdwCleaner[s1].txt - [1499 octets] - [02/11/2012 17:02:12] ########## EOF - C:\AdwCleaner[s1].txt - [1559 octets] ##########
  7. madmatt7
    # AdwCleaner v2.006 - Logfile created 11/02/2012 at 16:47:56 # Updated 30/10/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Olivia - OLIVIA-PC # Boot Mode : Normal # Running from : C:\Users\Olivia\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\Olivia\AppData\Local\Conduit Folder Found : C:\Users\Olivia\AppData\LocalLow\Conduit ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3237160 Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Software ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1591 octets] - [02/11/2012 16:47:56] ########## EOF - C:\AdwCleaner[R1].txt - [1651 octets] ##########
  8. madmatt7
    Thanks MrC Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.02.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Olivia :: OLIVIA-PC [administrator] 11/2/2012 3:39:35 PM mbam-log-2012-11-02 (15-39-35).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206506 Time elapsed: 1 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  9. madmatt7
    ComboFix 12-11-02.02 - Olivia 11/02/2012 15:18:11.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4645 [GMT -4:00] Running from: c:\users\Olivia\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Olivia\Documents\~WRL0003.tmp c:\users\Olivia\Documents\~WRL0005.tmp c:\users\Olivia\Documents\~WRL4048.tmp c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 ))))))))))))))))))))))))))))))) . . 2012-11-02 19:24 . 2012-11-02 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-01 17:43 . 2012-11-02 15:37 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-01 01:53 . 2012-11-01 01:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBF8D837-D624-45C1-982A-06B5731219CF}\offreg.dll 2012-10-30 13:22 . 2012-10-30 13:22 73728 ----a-r- c:\users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-10-30 13:22 . 2012-10-30 13:22 73728 ----a-r- c:\users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-10-30 13:22 . 2012-10-30 13:22 73728 ----a-r- c:\users\Olivia\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-10-30 13:22 . 2012-10-30 13:22 -------- d-----w- c:\program files (x86)\Sophos 2012-10-30 08:15 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBF8D837-D624-45C1-982A-06B5731219CF}\mpengine.dll 2012-10-19 00:09 . 2012-10-19 00:09 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2012-10-19 00:08 . 2012-10-19 00:08 -------- d-----w- c:\programdata\Symantec 2012-10-09 18:47 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-10-09 18:43 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-09 18:43 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-09 18:43 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-09 18:43 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-09 18:43 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-09 18:43 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-10-08 07:52 . 2012-10-08 08:16 -------- d-----w- c:\users\Olivia\AppData\Local\NPE 2012-10-08 06:47 . 2012-10-23 10:17 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-08 06:46 . 2012-10-08 06:46 -------- d-----w- c:\programdata\AVAST Software 2012-10-08 06:46 . 2012-10-08 06:46 -------- d-----w- c:\program files\AVAST Software 2012-10-08 06:37 . 2012-11-01 02:00 -------- d-----w- C:\Firefox 2012-10-08 06:27 . 2012-10-08 06:27 -------- d-----w- c:\programdata\Ask 2012-10-08 06:27 . 2012-10-08 06:27 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-08 06:26 . 2012-10-08 06:26 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-08 06:26 . 2012-10-08 06:26 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-08 06:25 . 2012-10-08 06:25 -------- d-----w- c:\programdata\McAfee 2012-10-08 05:52 . 2012-10-08 05:52 -------- d-----w- C:\.jagex_cache_32 2012-10-04 08:08 . 2012-10-04 08:08 -------- d-----w- c:\users\Olivia\AppData\Local\ElevatedDiagnostics . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-10 07:02 . 2012-09-11 21:41 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-08 06:26 . 2011-08-01 07:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-29 23:54 . 2012-09-12 23:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-24 11:15 . 2012-09-22 08:26 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 08:26 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 08:26 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 08:26 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 08:26 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 08:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 08:26 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-22 08:26 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 08:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 08:26 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 08:26 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 08:26 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 08:26 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 08:26 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 08:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 08:26 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 08:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-22 08:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 08:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 08:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 08:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 08:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 13:06 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 13:06 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 13:06 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 13:06 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 21:39 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 17:38 . 2012-10-09 18:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-11 15:49 . 2012-08-11 15:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-11 15:49 . 2011-08-01 07:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-08-25 23:16 220608 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-08-25 23:16 220608 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-08-25 23:16 220608 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [2012-10-02 45176] R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] R3 rak;rak;c:\game\SoftnyxGame\RakionIS\Bin\rakion64.sys [2012-08-26 45176] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-09 307304] R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-09-19 152640] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1255736] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-08-27 123320] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856] . . Contents of the 'Scheduled Tasks' folder . 2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 06:47] . 2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 06:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-08-25 23:16 244672 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-08-25 23:16 244672 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-08-25 23:16 244672 ----a-w- c:\users\Olivia\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-30 562304] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560] "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928] "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://msn.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 128.226.1.11 128.226.1.18 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{9d0f7eb2-452d-4766-b535-8d23e36c300e} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe SafeBoot-20676008.sys SafeBoot-79454239.sys Toolbar-Locked - (no file) WebBrowser-{9D0F7EB2-452D-4766-B535-8D23E36C300E} - (no file) HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db, f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:f3,54,a4,0f,23,66,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,65,90,e2,ff,56,ed,4e,a0,7d,5f,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,65,90,e2,ff,56,ed,4e,a0,7d,5f,\ . [HKEY_USERS\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-847268353-2912776164-1514832063-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-02 15:26:09 ComboFix-quarantined-files.txt 2012-11-02 19:26 . Pre-Run: 675,780,292,608 bytes free Post-Run: 675,988,983,808 bytes free . - - End Of File - - 679142D73EDD82CAD1311F0821325E90
  10. madmatt7
    So before the wipe I was receiving help from MrC in efforts to purge this RootKit. Unfortunately my account was deleted in roll-back. I'm not sure if I should restart the process again or not but I will post the logs/attachments MrC requested. attach.txtdds.txtResult.txtRKreport1.txtTDSSKiller.2.8.15.0_01.11.2012_13.28.43_log.txtTDSSKiller.2.8.15.0_01.11.2012_13.42.12_log.txtTDSSKiller.2.8.15.0_01.11.2012_13.45.25_log.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.