Everything posted by daniellenc

  1. Thank you so much for your patience. I thought I had taught my 8-year-old son to browse safely and never download anything without permission, lol, guess I was wrong. You made his fix super easy and pain-free, thank you so much!!

  2. Norton?? How did that appear that software is a virus in itself, lol
  3. Results of screen317's Security Check version 0.99.54
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.1.1000
     Adobe Flash Player 11.4.402.287
     Google Chrome 23.0.1271.64
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. # AdwCleaner v2.007 - Logfile created 11/11/2012 at 15:32:59
     # Updated 06/11/2012 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : nate - NATE-PC
     # Boot Mode : Normal
     # Running from : C:\Users\nate\Downloads\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****
     File Deleted : C:\Users\nate\AppData\Local\Temp\Uninstall.exe
     Folder Deleted : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
     Folder Deleted : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

     ***** [Registry] *****
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Deleted : HKLM\SOFTWARE\Software
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16421
     Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.17010003&st=12&barid={39B86AFA-D117-4302-BDE2-37E0F29EAB60} --> hxxp://www.google.com

     -\\ Google Chrome v [unable to get version]
     File : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.

     *************************
     AdwCleaner[R1].txt - [2371 octets] - [11/11/2012 14:23:29]
     AdwCleaner[R2].txt - [2431 octets] - [11/11/2012 15:31:56]
     AdwCleaner[s1].txt - [2437 octets] - [11/11/2012 15:32:59]
     ########## EOF - C:\AdwCleaner[s1].txt - [2497 octets] ##########
  5. Never mind, lol I just clicked delete and it is rebooting now will post report:
  6. # AdwCleaner v2.007 - Logfile created 11/11/2012 at 14:23:29
     # Updated 06/11/2012 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : nate - NATE-PC
     # Boot Mode : Normal
     # Running from : C:\Users\nate\Downloads\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****
     File Found : C:\Users\nate\AppData\Local\Temp\Uninstall.exe
     Folder Found : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
     Folder Found : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

     ***** [Registry] *****
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Found : HKLM\SOFTWARE\Software
     Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16421
     [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.17010003&st=12&barid={39B86AFA-D117-4302-BDE2-37E0F29EAB60}

     -\\ Google Chrome v [unable to get version]
     File : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.

     *************************
     AdwCleaner[R1].txt - [2248 octets] - [11/11/2012 14:23:29]
     ########## EOF - C:\AdwCleaner[R1].txt - [2308 octets] ##########
  7. OMG it worked you are the man!!!!!!!!!!!! As computer slow as I am that was not that bad thank you so much Mr.C I truly appreciate your help.
  8. run, and rebooted. This time I can update yay and am running a new scan now. After it runs if anything is detected I will clean, and reboot. If nothing is detected will try to redownload chrome and see if the dns error persists:)
  9. So this is where I stand. I can not update mb, but on this scan 5 items were found, cleaned, and rescanned with no more malware found. However, I still have no chrome, can not update mb, and he can not access any of his games. Here are the logs: mbar-log-2012-11-11 (13-03-45).txt mbar-log-2012-11-11 (13-17-09).txt system-log.txt
  10. I went ahead and downloaded, unzipped, and tried to run and update....dns error again:(
  11. Nope no system protection either. I have a restore point from yesterday does that suffice??
  12. I may cry, lol. I followed the instruction but I do not have a system protection button, just the other three. If I go directly to system restore it wants me to choose a restore point, but how do I choose and how do I save a file for it?
  13. When I type system restore it is asking me to rename the computer?? Am I in the right place, cause that doesn't sound right to me?
  14. Remember I am computer retarded, lol and never use his pc. I can not find out how to create a new system restore on this pc??
  15. Hope this is right, lol

     RogueKiller V8.2.3 [11/07/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website: http://tigzy.geekstogo.com/roguekiller.php
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Safe mode with network support
     User : nate [Admin rights]
     Mode : Scan -- Date : 11/11/2012 12:10:50

     ¤¤¤ Bad processes : 1 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++
     --- User ---
     [MBR] 7f79cb000448030f522d37fdcf96dd4d
     [bSP] 7baa029788e9cf5e28b7bc72b87ad807 : Windows Vista MBR Code
     Partition table:
     0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 460413 Mo
     2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 945999872 | Size: 15026 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1]_S_11112012_02d1210.txt >>
     RKreport[1]_S_11112012_02d1210.txt
  16. My son has definitely downloaded something nasty, and I can not for the life of me fix this. I have malware bytes installed and as usual started his PC in safemode with networking, went to update and got the 0,0 DDS error. Only internet explorer will work and nothing else though all other computers are running fine on chrome. So I have tried rkill, uninstalling and reinstalling, and everything else I have found on here. I am computer retarded so you will have to be patient with me:) Here are his logs I was instructed to download and save pertaining to the DDS. I have no clue what they mean so please be overly specific if you see anything I can fix:)