DaveUpNorth Posted January 13, 2013 ID:633722

My primary screen was taken over with the ransom request. I use dual monitors, so I was able to run my MalwareBytes PRO, which found no infections.

Here are the requested logs:

ATTACH.TXT
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/14/2010 11:02:30 AM
System Uptime: 1/13/2013 12:49:17 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | rPGA988A Socket | 2394/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 53.756 GiB free.
D: is Removable
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
RP38: 1/8/2013 3:00:25 AM - Windows Update
RP39: 1/9/2013 3:00:28 AM - Windows Update
RP40: 1/10/2013 3:00:44 AM - Windows Update
RP41: 1/11/2013 3:00:30 AM - Windows Update
RP42: 1/12/2013 3:00:28 AM - Windows Update
RP43: 1/13/2013 3:00:20 AM - Windows Update
RP44: 1/13/2013 11:02:31 AM - Restore Operation
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
ALPS Touch Pad Driver
Amazon Kindle
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.13 (Unicode)
AuthenTec Fingerprint Software
AVer Media Center
AVerMedia Applications
AVerMedia H826 series driver 2.0.64.126
AVerMedia Media Center Plug-ins 2.0.8.0
AVerRadio
AVG 2012
AVG 2013
AVG Security Toolbar
Bing Desktop
Bluetooth Stack for Windows by Toshiba
Boingo Wi-Finder
Bonjour
BrainStorm
Brother MFL-Pro Suite MFC-5460CN
CCleaner
CDBurnerXP
Coupon Printer for Windows
CutePDF Writer 2.8
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DING!
Dropbox
eFax Messenger
eMusic Download Manager
Evernote v. 4.5.8
ExifPro 1.0 Photo Viewer
FileSeek 2.1.3
FileZilla Client 3.5.3
FlipShare
Free MP3 WMA OGG Converter 9.0.1
Google Chrome
Google Drive
Google Update Helper
GoToMeeting 5.1.0.880
iMesh
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® Rapid Storage Technology
iNTERNET Turbo
iTunes
Japanese Fonts Support For Adobe Reader 9
Java 7 Update 9
Java Auto Updater
Java 6 Update 37
Junk Mail filter update
KeePass Password Safe 1.20
Keynote Connector
LSI V92 MOH Application
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MIKSOFT Mobile Media Converter
MiMedia
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
PhotoFiltre
PlayReady PC Runtime amd64
Quick PDF Converter v4.1
Quickbooks Financial Center
QuickTime
Read Aloud 2
Realtek High Definition Audio Driver
Reimage Repair
Revo Uninstaller 1.94
RICOH R5U230 Media Driver ver.2.08.03.03
ScanSoft PaperPort 11
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Launcher
SnugTV Station
Sound Organizer
SugarSync Manager
TFPU
Todoist version 1.9
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Fingerprint Utility
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Tablet Access Code Logon Utility
TOSHIBA Tablet PC Extension (x64)
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Touch Driver
TweetDeck
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB2.0 Capture Device
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.2
WebEx
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows XP Mode
WorldWinner Games
YouSendIt Express
.
==== Event Viewer Messages From Past Week ========
.
1/8/2013 9:37:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/8/2013 10:37:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ATService service.
1/7/2013 7:31:57 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
1/6/2013 7:37:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
1/6/2013 5:09:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/6/2013 5:09:05 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/13/2013 7:27:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FlipShare Server service to connect.
1/13/2013 3:01:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
1/13/2013 12:50:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 12:50:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/13/2013 12:50:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/13/2013 12:50:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/13/2013 12:50:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/13/2013 12:50:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/13/2013 12:50:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/13/2013 12:49:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Tosrfcom vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
1/13/2013 12:49:50 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 12:49:50 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 12:49:50 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 12:49:50 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 12:49:50 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 12:49:50 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 12:49:50 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 12:49:50 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/13/2013 12:49:50 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 12:49:50 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 12:49:50 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
1/13/2013 11:44:03 AM, Error: Service Control Manager [7000] - The TOSHIBA Touch Pad Service service failed to start due to the following error: The system cannot find the file specified.
1/13/2013 11:42:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FlipShare Service service to connect.
1/13/2013 11:42:08 AM, Error: Service Control Manager [7000] - The FlipShare Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/13/2013 11:28:04 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/13/2013 11:04:43 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
1/13/2013 10:42:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/13/2013 10:36:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache MpFilter spldr Tosrfcom vpcvmm Wanarpv6
1/11/2013 8:47:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.141.3725.0).
1/11/2013 8:46:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3637.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070643 Error description: Fatal error during installation.
1/11/2013 8:37:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.
1/11/2013 11:37:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3637.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
1/11/2013 11:37:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3637.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
1/10/2013 3:49:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/10/2013 3:39:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
.
==== End Of File ===========================

DDS.TXT
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by toshibauser at 12:58:27 on 2013-01-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3824.2929 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\hh.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/
uDefault_Page_URL = hxxp://start.toshiba.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {f999a48b-1950-4d81-9971-79018f807b4b} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: TFPUPWDBankBHO Class: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [YouSendIt.exe] C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe -ui none
mRun: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TRot.exe] C:\Program Files (x86)\Toshiba\TOSHIBA Rotation Utility\TRot.exe
mRun: [TAcelMgr] C:\Program Files (x86)\Toshiba\TOSHIBA Accelerometer Utilities\TAcelMgr\TAcelMgr.exe
mRun: [TSkrMain] C:\Program Files (x86)\Toshiba\TOSHIBA Accelerometer Utilities\Shaker\TSkrMain.exe
mRun: [button Disable] C:\Program Files (x86)\Toshiba\TOSHIBA Button Disable\TBD.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [iTurbo] C:\Program Files (x86)\iNTERNET Turbo\ITTray.exe
mRun: [Adobe ARM] "C:\ProgramData\ifgxpers.exe"
StartupFolder: C:\Users\TOSHIB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
StartupFolder: C:\Users\TOSHIB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\toshibauser\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVERHI~1.LNK - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNUGTV~1.LNK - C:\windows\Installer\{F6C368A7-0DD5-4DA1-BDE1-4369AFA45B4E}\NewShortcut1_46FEF19C05F1475DAA14D9007DC15270_2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{023C090B-97AB-413F-A1D0-DE71CB2409AA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4F24AACA-F94A-4FCF-B524-477A9FC28B82} : NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{78837E09-78EF-4035-84A0-25448C433961} : NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{915A4D0F-CCBF-4513-947F-C83B4493AC01} : NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{915A4D0F-CCBF-4513-947F-C83B4493AC01} : DHCPNameServer = 64.89.70.2 64.89.74.2 66.155.216.122
TCP: Interfaces\{9FD2552F-00D6-4945-B1C8-5906BAC0E61C} : NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{9FD2552F-00D6-4945-B1C8-5906BAC0E61C} : DHCPNameServer = 10.10.10.235
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://start.toshiba.com/
x64-mDefault_Page_URL = hxxp://start.toshiba.com/
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
x64-Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start
x64-Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\toshibauser\AppData\Roaming\Mozilla\Firefox\Profiles\fvwzz8zk.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&barid={1A3D42C2-FD93-11E1-A805-E89D87A0E21D}&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
FF - plugin: C:\Users\toshibauser\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\toshibauser\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-24 06:56; amznUWL2@amazon.com; C:\Users\toshibauser\AppData\Roaming\Mozilla\Firefox\Profiles\fvwzz8zk.default\extensions\amznUWL2@amazon.com.xpi
FF - ExtSQL: 2012-11-25 11:13; {7CA9CF31-1C73-46CD-8377-85AB71EA771F}; C:\Users\toshibauser\AppData\Roaming\Mozilla\Firefox\Profiles\fvwzz8zk.default\extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - 342920c5000000000000e89d87a0e21d
FF - user.js: extensions.claro.instlDay - 15596
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.17:14:36
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-7-11 56336]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-2-20 482384]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-9-3 30568]
R2 rimspci;rimspci;C:\windows\System32\drivers\rimspe64.sys [2010-7-14 60416]
R2 risdpcie;risdpcie;C:\windows\System32\drivers\risdpe64.sys [2010-7-14 80384]
R2 rixdpcie;rixdpcie;C:\windows\System32\drivers\rixdpe64.sys [2011-4-26 53760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-7-14 56344]
R3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-1-13 36680]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;C:\windows\System32\drivers\TBtnKey.sys [2009-7-20 20032]
R3 wisdpen;Wacom Penabled MiniDriver;C:\windows\System32\drivers\wisdpen.sys
[2011-1-4 44656]S0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]S1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]S1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]S1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]S2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2009-12-18 2704704]S2 AVerRemote;AVerRemote;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2012-1-6 348160]S2 AVerScheduleService;AVerScheduleService;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2012-1-6 397312]S2 AVerUpdateServer;AVerUpdateServer;C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2010-3-9 169984]S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]S2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-11-27 252784]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]S2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 398184]S2 
MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 682344]S2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]S2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]S2 SnugTV Service;SnugTV Service;C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe [2010-4-12 526336]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-12-22 317296]S2 TTPDSrv;TOSHIBA Touch Pad Service;C:\windows\System32\TTPDSRV.exe [2010-7-14 73728]S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-14 2314240]S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\windows\System32\drivers\ATSwpWDF.sys [2009-12-18 734720]S3 AVerFx2hbtv64;AVerMedia H826 USB Hybrid Tuner;C:\windows\System32\drivers\AVerFx2hbtv64.sys [2012-1-6 512512]S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\System32\drivers\e1k62x64.sys [2012-2-2 509104]S3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2009-10-26 151936]S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-6-7 24176]S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]S3 
PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2012-11-8 174176]S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-9-21 35008]S3 PSI;PSI;C:\windows\System32\drivers\psi_mf.sys [2010-9-1 17976]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-14 54136]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-12-25 137560]S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-12-24 811376]S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-7-14 1255736].=============== File Associations ===============.ShellExec: QuickPDF v3.0.exe: Open=C:\QuickPDFConverter\QuickPdfToWord.exe "%1".=============== Created Last 30 ================.2013-01-13 17:52:04 36680 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys2013-01-13 00:49:55 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9C7B3F8-0FBD-499A-A1E6-8C670807C8A8}\mpengine.dll2013-01-12 21:54:03 68744 ----a-w- C:\ProgramData\ifgxpers.exe2013-01-12 06:21:46 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-01-09 18:13:46 424448 ----a-w- C:\windows\System32\KernelBase.dll2013-01-09 01:15:49 16369160 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe2013-01-05 17:51:38 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll2013-01-05 17:51:23 2876528 ----a-w- 
C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll2012-12-28 17:35:16 -------- d-----w- C:\Program Files (x86)\iNTERNET Turbo2012-12-27 14:25:52 -------- d-----w- C:\rei2012-12-27 14:25:44 -------- d-----w- C:\Program Files\Reimage2012-12-26 17:55:48 -------- d-----w- C:\Program Files\iPod2012-12-26 17:55:45 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692012-12-26 17:55:45 -------- d-----w- C:\Program Files\iTunes2012-12-26 17:55:45 -------- d-----w- C:\Program Files (x86)\iTunes2012-12-23 23:21:59 -------- d-----w- C:\Users\toshibauser\AppData\Local\LogMeIn Rescue Applet2012-12-23 08:00:24 34304 ----a-w- C:\windows\SysWow64\atmlib.dll2012-12-23 08:00:23 46080 ----a-w- C:\windows\System32\atmlib.dll2012-12-23 08:00:23 367616 ----a-w- C:\windows\System32\atmfd.dll2012-12-23 08:00:22 295424 ----a-w- C:\windows\SysWow64\atmfd.dll2012-12-23 01:07:36 -------- d-----w- C:\windows\pss2012-12-18 19:26:26 -------- d-----w- C:\Users\toshibauser\AppData\Local\Adobe_Systems_Incorporate2012-12-17 17:02:45 83560 ----a-w- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe2012-12-15 18:13:40 -------- d-----w- C:\Users\toshibauser\AppData\Local\TodoistCache.==================== Find3M ====================.2013-01-09 01:16:11 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-01-09 01:16:11 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2012-12-14 21:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys2012-12-10 00:31:55 56336 ------w- C:\windows\System32\drivers\PxHlpa64.sys2012-12-10 00:31:53 11376 ------w- C:\windows\System32\drivers\cdralw2k.sys2012-12-10 00:31:53 10864 ------w- C:\windows\System32\drivers\cdr4_xp.sys2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll2012-12-07 
11:20:04 30720 ----a-w- C:\windows\System32\usk.rs2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2012-11-30 02:38:59 3072 ---ha-w- 
C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2012-11-23 03:26:31 3149824 ----a-w- C:\windows\System32\win32k.sys2012-11-23 03:13:57 68608 ----a-w- C:\windows\System32\taskhost.exe2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll2012-11-16 04:33:24 111968 ----a-w- C:\windows\System32\drivers\avgmfx64.sys2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb2012-11-09 05:45:32 750592 ----a-w- C:\windows\System32\win32spl.dll2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll2012-11-08 23:38:18 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys2012-11-08 16:29:12 1402312 ----a-w- C:\windows\SysWow64\msxml4.dll2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll2012-11-01 05:43:42 2002432 ----a-w- C:\windows\System32\msxml6.dll2012-11-01 05:43:42 1882624 ----a-w- 
C:\windows\System32\msxml3.dll2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll2012-10-25 08:12:26 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx2012-10-25 08:12:26 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts2012-10-22 18:02:44 154464 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll.============= FINISH: 13:00:57.97 ===============
MrCharlie Posted January 13, 2013 ID:633730

Welcome to the forum, see if you can run MBAR or ComboFix:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial
Download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:
Bottom right corner of this page.
New window that comes up.
~~~~~~~~~~~~~~~~~~~~~~~
Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall
If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.
Please visit this webpage for download links, and instructions for running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.
Please include the C:\ComboFix.txt in your next reply for further review.
---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC

DaveUpNorth Posted January 13, 2013 Author ID:633785

I created a restore point, ran MBAR, which said no cleanup was required. I turned on my wireless to check the Internet Connection, Firewall and Windows update, and the ransom screen immediately appeared.

MrCharlie Posted January 13, 2013 ID:633793

See if you can run......
Please download and run RogueKiller to your desktop.
Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
or......
rkill
http://www.bleepingc...download/rkill/
MrC

DaveUpNorth Posted January 13, 2013 Author ID:633811

Here's the report. Thanks.

MrCharlie Posted January 13, 2013 ID:633818

Try again or attach it...I don't see any logs.
MrC
To attach a log:
Bottom right corner of this page.
New window that comes up.

DaveUpNorth Posted January 13, 2013 Author ID:633825

I guess if I want to attach a file I need to click "Attach Files." Sorry about that.
RKreport1_S_01132013_02d1514 DaveUpNorth.txt

DaveUpNorth Posted January 13, 2013 Author ID:633827

(I had browsed and opened, just didn't attach.)

MrCharlie Posted January 13, 2013 ID:633840

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe ARM ("C:\ProgramData\ifgxpers.exe") -> FOUND
[TASK][sUSP PATH] VisualBeeRecovery : C:\Users\toshibauser\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe /s -> FOUND
Now click Delete on the right hand column under Options
-------------
Delete this file if found:
C:\ProgramData\ifgxpers.exe
May have to enable hidden files to see it:
http://www.howtogeek...-windows-vista/
~~~~~~~~~~~~~~~~~~
Next...........
Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.
Please visit this webpage for download links, and instructions for running ComboFix
http://www.bleepingc...to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.
Please include the C:\ComboFix.txt in your next reply for further review.
---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC

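
Added example, not part of the thread and not code from any tool named in it: the Run value flagged in the post above points to an executable sitting directly in C:\ProgramData whose file name is one letter swap away from igfxpers.exe, the Intel graphics helper that normally starts from System32. The Python sketch below applies both checks to autorun lines; the sample lines are constructed in the DDS "Run: [value name] command" style, and the function names and the distance threshold are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the DDS "Run: [value name] command" style. The last line
# restates the RogueKiller finding from the thread; it is not a real log line.
SAMPLE_LOG = r'''
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
mRun: [Adobe ARM] "C:\ProgramData\ifgxpers.exe"
'''

RUN_LINE = re.compile(r'^\S*Run: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$', re.M)
EXE_END = re.compile(r'(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$)', re.I)


def exe_path(command):
    """Return the program part of an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_END.match(command)  # unquoted paths may contain spaces
    return m.group(1) if m else command.split()[0]


def lower_parts(path):
    """Path components lower-cased, because Windows paths are case-insensitive."""
    return tuple(part.lower() for part in PureWindowsPath(path).parts)


def in_system32(parts):
    return parts[1:3] == ('windows', 'system32')


def user_writable(parts):
    """Heuristic: directly in ProgramData, or anywhere under AppData or Temp."""
    dirs = parts[1:-1]
    return dirs == ('programdata',) or 'appdata' in dirs or 'temp' in dirs


def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent transposition
        prev2, prev = prev, cur
    return prev[-1]


def scan(log_text, max_distance=1):
    """Return (value name, path, reasons) for autoruns that look out of place.

    Entries under Windows\\System32 are used as the reference set and are not
    themselves checked, so this only catches look-alikes placed elsewhere.
    """
    entries = [(m['name'], exe_path(m['cmd'])) for m in RUN_LINE.finditer(log_text)]
    system_names = {lower_parts(p)[-1] for _, p in entries if in_system32(lower_parts(p))}
    findings = []
    for name, path in entries:
        parts = lower_parts(path)
        if in_system32(parts):
            continue
        reasons = []
        if user_writable(parts):
            reasons.append('runs from a user-writable directory')
        for ref in sorted(system_names):
            if osa_distance(parts[-1], ref) <= max_distance:
                reasons.append(f'file name within {max_distance} edit(s) of System32 autorun {ref}')
        if reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == '__main__':
    for name, path, reasons in scan(SAMPLE_LOG):
        print(f'{name}: {path}')
        for reason in reasons:
            print(f'  - {reason}')
```

Legitimate software also starts from AppData, so a hit on the path check alone is a prompt to look closer; the two signals together are what single out the constructed last line.
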
DaveUpNorth Posted January 13, 2013 Author ID:633879

Everything proceeded well. Now ComboFix has been "preparing a log report" for quite a long time--more than 45 minutes. Shall I wait longer, and/or should I do something else?

MrCharlie Posted January 13, 2013 ID:633892

Get out of it and...............
Try it like this......
Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.
Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
Click Start --> Run, and enter this command exactly as shown: (copy and paste)
"%userprofile%\desktop\combofix.exe" /nombr
See if it will run successfully now.
MrC

DaveUpNorth Posted January 14, 2013 Author ID:633909

Not sure why but I can't find Start ---> Run. I'm on Windows 7 Pro. I know I've used that command path before, but must have a brain freeze (or eye freeze.)

DaveUpNorth Posted January 14, 2013 Author ID:633910

Googled. Used windows-R and got it.

DaveUpNorth Posted January 14, 2013 Author ID:633921

It's stalled again for more than a half-hour. There is a combofix.txt file in the c:combofix folder, which was created at 7:32 pm today.

DaveUpNorth Posted January 14, 2013 Author ID:633923

The txt file was created at 7:32

MrCharlie Posted January 14, 2013 ID:633924

Post it, MrC

DaveUpNorth Posted January 14, 2013 Author ID:633927

Here we go. Thx.
ComboFix.txt

MrCharlie Posted January 14, 2013 ID:633940

Looks like it never finished.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.
MrC

DaveUpNorth Posted January 14, 2013 Author ID:633954

Updated. Did quick scan. Nothing found. My wireless connection died, and I had to reboot the computer we've been working on. With "nothing found," do you still need the report?

MrCharlie Posted January 14, 2013 ID:633955

No, not needed.
Run this when you get a chance...I'll be back in the morning
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassoci...T-Tools/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)
Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.
The scan will take about 10 minutes...depends on your hard drive size.
Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
MrC

DaveUpNorth Posted January 14, 2013 Author ID:633957

Will do. Thanks. G'nite.

DaveUpNorth Posted January 14, 2013 Author ID:634018

I've tried to run OTL three times. It repeatedly stalls while scanning Firefox files.

MrCharlie Posted January 14, 2013 ID:634066

Please download AdwCleaner from here and save it on your Desktop.
AdwCleaner is a reliable removal tool for Adware, Foistware, toolbar and potentially unwanted programs.
AdwCleaner is a tool that deletes:
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)
It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.
Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this should be something like R1.
Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.
MrC

DaveUpNorth Posted January 14, 2013 Author ID:634074

Here we go. I left AdwCleaner open, "waiting for action."
AdwCleanerR1.txt

MrCharlie Posted January 14, 2013 ID:634079

Lots of adware found....let's clear it out.....
Please re-run AdwCleaner
Click on Delete button.
Confirm each time with OK if asked.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.
~~~~~~~~~~~~~~~~~~~~~~
I also noticed that Windows Defender is enabled:
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Please disable it:
http://www.howtogeek...ow-turn-it-off/
MrC