HTrueOLLC

  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013
     Ran by SYSTEM on MINWINPC on 12-12-2013 03:08:30
     Running from G:\
     WIN_VISTA Service Pack 1 (X64) OS Language: English(US)
     Boot Mode: Recovery

     Attention: Could not load system hive.
     Attention: System hive is missing.

     ==================== Registry (Whitelisted) ==================

     Attention: Software hive is missing.
     ATTENTION: Software hive is not loaded.

     ==================== Services (Whitelisted) =================

     ==================== Drivers (Whitelisted) ====================

     ========================== Drivers MD5 =======================

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     ==================== One Month Modified Files and Folders =======

     ==================== Known DLLs (Whitelisted) ================

     ==================== Bamital & volsnap Check =================

     C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
     C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
     C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
     C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
     C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
     C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
     C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
     C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
     C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
     C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
     C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
     C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
     C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
     C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
     C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

     ==================== EXE ASSOCIATION =====================

     HKLM\...\.exe: <===== ATTENTION!
     HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
     HKLM\...\exefile\open\command: <===== ATTENTION!

     ==================== Restore Points =========================

     ==================== BCD ================================

     The boot configuration data store could not be opened.
     The system cannot find the path specified.

     ==================== Memory info ===========================

     Percentage of memory in use: 12%
     Total physical RAM: 3965.48 MB
     Available physical RAM: 3486.58 MB
     Total Pagefile: 3720.23 MB
     Available Pagefile: 3446.98 MB
     Total Virtual: 8192 MB
     Available Virtual: 8191.91 MB

     ==================== Drives ================================

     Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
     Drive g: () (Removable) (Total:1.9 GB) (Free:1.66 GB) FAT32
     Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
     Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

     ==================== End Of Log ============================
  2. Is it saving a log out there, somewhere? Even in SAFE MODE it crashes. The last several attempts to even log into Windows resulted in a crash. Should I try a system restore?
  3. Is there an alternative to ESET online? I can't get through the whole process without crashing. Then I have to start all over again. The last I saw it had found 4 threats and was still scanning. All of them were "a variant of Win32/Toolbar.Conduit.B application". I'm trying it now, in SAFE MODE. If it gets all the way through, I'll paste the log.
  4. Here are the 4 requested files. FYI . . . the Roguekiller website has google ads that make you think you are downloading their software but in reality you are downloading something about browser protection.
  5. I did it before, but here it is, again:
The following corrective action will be taken in 0 milliseconds: Restart the service. 12/3/2013 5:16:12 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 16 time(s). 12/3/2013 5:15:38 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 15 time(s). 12/3/2013 3:15:05 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 14 time(s). 12/3/2013 3:14:31 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 13 time(s). 12/3/2013 11:12:51 AM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 10 time(s). 12/3/2013 11:12:19 AM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 9 time(s). 12/3/2013 10:09:44 AM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 8 time(s). 12/3/2013 10:09:10 AM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 7 time(s). 12/3/2013 1:13:57 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 12 time(s). 12/3/2013 1:13:25 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 11 time(s). 12/2/2013 10:51:50 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 12/2/2013 10:42:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Cisco AnyConnect Secure Mobility Agent service to connect. 
12/2/2013 10:42:09 PM, Error: Service Control Manager [7000] - The Cisco AnyConnect Secure Mobility Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/2/2013 10:39:23 PM, Error: EventLog [6008] - The previous system shutdown at 10:34:29 PM on 12/2/2013 was unexpected. 12/1/2013 2:53:22 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:. 11/30/2013 7:24:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XAudioService service to connect. 11/30/2013 7:24:57 AM, Error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/30/2013 6:01:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user Cliff-PC\Cliff-alternate SID (S-1-5-21-622844284-1073897313-246545552-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 11/30/2013 5:57:08 AM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 24 time(s). 11/30/2013 5:56:37 AM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 23 time(s). 11/30/2013 10:35:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect. 
11/30/2013 10:35:29 PM, Error: Service Control Manager [7000] - The Intuit Update Service v4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/30/2013 10:34:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1c9c0688f8ebe14) service to connect. 11/30/2013 10:34:56 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1c9c0688f8ebe14) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2013 11:45:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect. 11/28/2013 11:45:14 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/28/2013 11:45:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 11/27/2013 9:26:47 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 30 time(s). 11/27/2013 9:26:12 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 29 time(s). 11/27/2013 7:25:39 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 28 time(s). 11/27/2013 7:24:51 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 27 time(s). 11/27/2013 5:24:06 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. 
It has done this 26 time(s). 11/27/2013 5:23:33 PM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 25 time(s). . ==== End Of File ===========================
  6. Below are my last three scan logs copied and pasted beginning with the most current: ___________________ Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.02.04 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Cliff :: CLIFF-PC [administrator] 12/2/2013 5:27:41 AM MBAM-log-2013-12-02 (20-39-39).txt Scan type: Full scan (C:\|G:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 543218 Time elapsed: 2 hour(s), 25 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb (PUP.Optional.MultiIE) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 5 C:\Users\Cliff\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> No action taken. C:\Users\Cliff\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> No action taken. C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb (PUP.Optional.MultiIE) -> No action taken. C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0 (PUP.Optional.MultiIE) -> No action taken. C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\plugin (PUP.Optional.MultiIE) -> No action taken. Files Detected: 15 C:\Users\Cliff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IH1AEBM\mism[1].exe (PUP.Optional.Conduit.A) -> No action taken. C:\Users\Cliff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1VRNI4F\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken. 
C:\Users\Cliff\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken. C:\Users\Cliff\AppData\Local\Temp\ct3288691\ism.exe (PUP.Optional.Conduit.A) -> No action taken. C:\Users\Cliff\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken. C:\Users\Cliff\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken. C:\Users\Cliff\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken. C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\background.html (PUP.Optional.MultiIE) -> No action taken. C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\contentscript.js (PUP.Optional.MultiIE) -> No action taken. C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\icon.png (PUP.Optional.MultiIE) -> No action taken. C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\icon128.png (PUP.Optional.MultiIE) -> No action taken. C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\icon16.png (PUP.Optional.MultiIE) -> No action taken. C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\icon48.png (PUP.Optional.MultiIE) -> No action taken. C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\manifest.json (PUP.Optional.MultiIE) -> No action taken. C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\plugin\gc_getcid.dll (PUP.Optional.MultiIE) -> No action taken. 
(end)
Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.29.08 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Cliff :: CLIFF-PC [administrator] 11/4/2013 5:48:57 AM mbam-log-2013-11-04 (05-48-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 232163 Time elapsed: 25 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.29.08 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Cliff :: CLIFF-PC [administrator] 10/29/2013 12:50:03 PM mbam-log-2013-10-29 (12-50-03).txt Scan type: Full scan (C:\|F:\|G:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 511235 Time elapsed: 3 hour(s), 5 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 8 HKCR\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully. HKCR\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully. HKCR\DynConIE.DynConIEObject.1 (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully. HKCR\DynConIE.DynConIEObject (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Program Files (x86)\UnfriendApp\IE\common.dll (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully. C:\Users\Cliff\Downloads\mplayer_Setup.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully. (end)
  7. DDS.txt and Attach.txt files are copied and pasted below: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 10.45.2 Run by Cliff at 5:02:13 on 2013-12-04 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3965.2128 [GMT -6:00] . AV: AVG update module *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG update module *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\PnkBstrB.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\ProgramData\Skype\Toolbars\Skype C2C 
Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\DRIVERS\xaudio64.exe C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\ehome\ehtray.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\System32\p2phost.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files 
(x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\SBC\update\SST.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe c:\program files\windows defender\MpCmdRun.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uSearch Bar = Preserve uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll mURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll BHO: Google Dictionary Compression sdch: 
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll TB: NCH Toolbar: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNCH.dll TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [CollaborationHost] C:\Windows\System32\p2phost.exe -s uRun: [Data Backup] "C:\Program Files (x86)\Data Backup\Data Backup Client\databackup.exe" -boot uRun: [ROC_ROC_APR2013_AV] C:\Users\Cliff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun uRun: 
[AVG-Secure-Search-Update_0913a] C:\Users\Cliff\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID 0913a mRun: [NDSTray.exe] NDSTray.exe mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" mRun: [sBC_McciTrayApp] "C:\Program Files (x86)\SBC\update\SST.exe" mRun: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe" mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:149 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 192.168.1.254 TCP: Interfaces\{CEA8B200-FA0D-44D0-B32C-23863A268814} : DHCPNameServer = 128.249.38.101 128.249.38.102 128.249.237.101 TCP: Interfaces\{EE9B0169-6473-4439-BE8D-F45F719C9A9B} : DHCPNameServer = 192.168.1.254 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - 
C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide x64-mPolicies-Explorer: NoActiveDesktop = dword:1 x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 x64-mPolicies-System: EnableUIADesktopToggle = dword:0 x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program 
Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - <orphaned> x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - LocalServer32 - <no file> x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-13 55856] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2007-8-20 531968] R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-4-16 87600] R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2009-2-23 26624] R1 mfehidk;McAfee Inc. 
mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-4-18 308296] R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2009-12-5 376400] R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960] R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584] R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136] R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2007-8-20 46392] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104] R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-10 479224] R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-5-10 130560] R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-5-10 483328] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288] R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2007-11-1 293376] R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\CHDART64.sys [2008-2-1 222720] R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-1-15 58328] R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-1-8 51544] R3 QIOMem;Generic IO & Memory 
Access;C:\Windows\System32\drivers\QIOMem.sys [2007-4-9 9728] R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992] S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-9-3 3538480] S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-22 301152] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate1c9c0688f8ebe14;Google Update Service (gupdate1c9c0688f8ebe14);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-18 133104] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-5-10 1858048] S3 acsint;acsint;C:\Windows\System32\drivers\acsint64.sys [2013-2-25 49104] S3 acsmux;acsmux;C:\Windows\System32\drivers\acsmux64.sys [2012-12-10 73168] S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-22 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2009-2-23 937984] S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-4-18 102472] S3 mferkdk;McAfee Inc. 
mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-4-18 40904] S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-4-18 49480] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632] S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2007-12-28 391680] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-21 89920] S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2007-8-20 248320] S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2007-8-20 237568] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %* FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 
2013-11-28 17:49:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-11-28 17:49:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-11-26 01:32:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-11-26 01:32:26 264616 ----a-w- C:\Windows\SysWow64\javaws.exe 2013-11-26 01:32:26 175016 ----a-w- C:\Windows\SysWow64\javaw.exe 2013-11-26 01:32:26 174504 ----a-w- C:\Windows\SysWow64\java.exe 2013-11-18 02:29:40 82896128 ----a-w- C:\Windows\System32\mrt.exe 2013-11-11 11:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe 2013-10-13 15:58:41 17847296 ----a-w- C:\Windows\System32\mshtml.dll 2013-10-13 15:09:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll 2013-10-13 14:55:42 2334720 ----a-w- C:\Windows\System32\jscript9.dll 2013-10-13 14:48:43 1346560 ----a-w- C:\Windows\System32\urlmon.dll 2013-10-13 14:47:43 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-10-13 14:46:53 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-10-13 14:46:27 237056 ----a-w- C:\Windows\System32\url.dll 2013-10-13 14:44:28 85504 ----a-w- C:\Windows\System32\jsproxy.dll 2013-10-13 14:42:38 816640 ----a-w- C:\Windows\System32\jscript.dll 2013-10-13 14:42:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-10-13 14:42:11 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-10-13 14:39:50 2147840 ----a-w- C:\Windows\System32\iertutil.dll 2013-10-13 14:38:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll 2013-10-13 14:36:11 96768 ----a-w- C:\Windows\System32\mshtmled.dll 2013-10-13 14:35:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-10-13 14:29:31 248320 ----a-w- C:\Windows\System32\ieui.dll 2013-10-13 10:42:12 12344832 ----a-w- C:\Windows\SysWow64\mshtml.dll 2013-10-13 10:08:04 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll 2013-10-13 09:48:06 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-10-13 09:37:03 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll 2013-10-13 09:35:52 1427968 ----a-w- 
C:\Windows\SysWow64\inetcpl.cpl 2013-10-13 09:35:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-10-13 09:33:57 231936 ----a-w- C:\Windows\SysWow64\url.dll 2013-10-13 09:32:00 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll 2013-10-13 09:30:20 717824 ----a-w- C:\Windows\SysWow64\jscript.dll 2013-10-13 09:30:14 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-10-13 09:29:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-10-13 09:27:43 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll 2013-10-13 09:27:40 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll 2013-10-13 09:26:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll 2013-10-13 09:25:39 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-10-13 09:20:51 176640 ----a-w- C:\Windows\SysWow64\ieui.dll 2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL 2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL 2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL 2013-10-03 15:03:41 389632 ----a-w- C:\Windows\System32\gdi32.dll 2013-10-03 15:02:58 1278976 ----a-w- C:\Windows\System32\crypt32.dll 2013-10-03 12:46:36 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-10-03 12:45:45 993792 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-09-26 02:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys 2013-09-18 20:08:56 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll 2013-09-09 03:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys 2012-09-18 11:32:20 4096000 ----a-w- C:\Program Files (x86)\GUT4538.tmp .
============= FINISH: 5:02:57.33 ===============

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 10.45.2 Run by Cliff at 5:02:13 on 2013-12-04 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3965.2128 [GMT -6:00] .
AV: AVG update module *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG update module *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\PnkBstrB.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba 
Stack\TosBtSrv.exe C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\DRIVERS\xaudio64.exe C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\ehome\ehtray.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\System32\p2phost.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\SBC\update\SST.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files 
(x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe c:\program files\windows defender\MpCmdRun.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uSearch Bar = Preserve uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll mURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll BHO: Google Dictionary Compression sdch: 
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll TB: NCH Toolbar: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNCH.dll TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [CollaborationHost] C:\Windows\System32\p2phost.exe -s uRun: [Data Backup] "C:\Program Files (x86)\Data Backup\Data Backup Client\databackup.exe" -boot uRun: [ROC_ROC_APR2013_AV] C:\Users\Cliff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun uRun: 
[AVG-Secure-Search-Update_0913a] C:\Users\Cliff\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID 0913a mRun: [NDSTray.exe] NDSTray.exe mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" mRun: [sBC_McciTrayApp] "C:\Program Files (x86)\SBC\update\SST.exe" mRun: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe" mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:149 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 192.168.1.254 TCP: Interfaces\{CEA8B200-FA0D-44D0-B32C-23863A268814} : DHCPNameServer = 128.249.38.101 128.249.38.102 128.249.237.101 TCP: Interfaces\{EE9B0169-6473-4439-BE8D-F45F719C9A9B} : DHCPNameServer = 192.168.1.254 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - 
C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide x64-mPolicies-Explorer: NoActiveDesktop = dword:1 x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 x64-mPolicies-System: EnableUIADesktopToggle = dword:0 x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program 
Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - <orphaned> x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - LocalServer32 - <no file> x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-13 55856] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2007-8-20 531968] R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-4-16 87600] R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2009-2-23 26624] R1 mfehidk;McAfee Inc. 
mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-4-18 308296]
R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2009-12-5 376400]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2007-8-20 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-10 479224]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-5-10 130560]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-5-10 483328]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2007-11-1 293376]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\CHDART64.sys [2008-2-1 222720]
R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-1-15 58328]
R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-1-8 51544]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2007-4-9 9728]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-9-3 3538480]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-22 301152]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9c0688f8ebe14;Google Update Service (gupdate1c9c0688f8ebe14);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-18 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-5-10 1858048]
S3 acsint;acsint;C:\Windows\System32\drivers\acsint64.sys [2013-2-25 49104]
S3 acsmux;acsmux;C:\Windows\System32\drivers\acsmux64.sys [2012-12-10 73168]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2009-2-23 937984]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-4-18 102472]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-4-18 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-4-18 49480]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2007-12-28 391680]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-21 89920]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2007-8-20 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2007-8-20 237568]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-11-28 17:49:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-28 17:49:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-26 01:32:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-26 01:32:26 264616 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-11-26 01:32:26 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-11-26 01:32:26 174504 ----a-w- C:\Windows\SysWow64\java.exe
2013-11-18 02:29:40 82896128 ----a-w- C:\Windows\System32\mrt.exe
2013-11-11 11:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-13 15:58:41 17847296 ----a-w- C:\Windows\System32\mshtml.dll
2013-10-13 15:09:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-10-13 14:55:42 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-13 14:48:43 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-10-13 14:47:43 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-10-13 14:46:53 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-10-13 14:46:27 237056 ----a-w- C:\Windows\System32\url.dll
2013-10-13 14:44:28 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-10-13 14:42:38 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-10-13 14:42:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-10-13 14:42:11 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-10-13 14:39:50 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-10-13 14:38:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-10-13 14:36:11 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-10-13 14:35:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-13 14:29:31 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-10-13 10:42:12 12344832 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-10-13 10:08:04 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-10-13 09:48:06 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-13 09:37:03 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-10-13 09:35:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-13 09:33:57 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-10-13 09:32:00 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-10-13 09:30:20 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-10-13 09:30:14 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-10-13 09:27:43 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-10-13 09:27:40 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-10-13 09:26:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-10-13 09:25:39 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-13 09:20:51 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-03 15:03:41 389632 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 15:02:58 1278976 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-03 12:46:36 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-09-26 02:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-09-18 20:08:56 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2013-09-09 03:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-09-18 11:32:20 4096000 ----a-w- C:\Program Files (x86)\GUT4538.tmp
.
============= FINISH: 5:02:57.33 ===============
  8. Attached are the latest logs: 10/29/13 is the one where it seems like the problems began. 11/4/13 was an attempt to correct the problems but it didn't find any malware. 12/2/13 (today) was to see if there was anything else. It shows 21 objects. I have not deleted them.
     mbam-log-2013-10-29 (12-50-03).txt
     mbam-log-2013-11-04 (05-48-57).txt
     MBAM-log-2013-12-02 (20-39-39).txt
  9. I see several people with dds files attached to their initial post, but I don't know what that is or how to get it.
  10. A few months ago I downloaded Malwarebytes Anti-Malware and ran a full scan. It identified several potential threats. I quarantined them and deleted them. Immediately afterward I started having system issues (i.e., frequent crashes, boot-up failures, errors when starting software or when going into Windows). After about a month of this, I figured I should run a system restore to a date prior to installing Malwarebytes, assuming that my deleting one or more of these "potential threats" is what was causing my system problems. Unfortunately the only choices for restore dates were subsequent to my installing and running the scan. One of my biggest issues is my inability to start QuickBooks, my business accounting software. I get a "Windows Installer--Preparing to install" message that won't go away until I close it with Task Manager. Please Help! I recently ran a scan again and it found 21 more "PUP" files. I decided to just exit without deleting them, for now. I don't need any more problems.