Jump to content

Ammyy scam


Recommended Posts

Hello kandie1023 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please post them.

Link to post
Share on other sites

this was from dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Candace at 10:19:00 on 2013-01-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1442 [GMT -5:00]

.

AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\ooVoo\ooVoo.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe

C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.toshiba.com/

uDefault_Page_URL = hxxp://start.toshiba.com

mStart Page = hxxp://www.yahoo.com/?ilc=8

mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8

uProxyOverride = <local>;*.local

mWinlogon: Userinit = userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll

TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{493D5611-3FA5-449E-AA1C-62393E38B3D3} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{493D5611-3FA5-449E-AA1C-62393E38B3D3}\76462757D6D6F6E6460313 : DHCPNameServer = 209.18.47.61 209.18.47.62 0.0.0.0

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Candace\AppData\Roaming\Mozilla\Firefox\Profiles\zw5bw0qb.default\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: 2012-12-16 18:16; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn

FF - ExtSQL: 2013-01-11 10:02; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1300000.080\SymDS64.sys [2012-12-16 451192]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1300000.080\SymEFA64.sys [2012-12-16 1083512]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130116.013_ea4\BHDrvx64.sys [2013-1-16 1388120]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1300000.080\ccSetx64.sys [2012-12-16 165512]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130123.001\IDSviA64.sys [2013-1-23 513184]

R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1300000.080\Ironx64.sys [2012-12-16 189560]

R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1300000.080\symnets.sys [2012-12-16 396408]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-24 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-24 682344]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [2012-12-16 138760]

R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-12-16 123320]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-12-16 126392]

R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-10-29 3677000]

R2 sbapifs;sbapifs;C:\windows\System32\drivers\sbapifs.sys [2012-10-24 82872]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-10-29 175496]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-16 2656280]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-18 138912]

R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-12-16 9216]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-1-24 24176]

R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-12-16 38096]

R3 sbwtis;sbwtis;C:\windows\System32\drivers\sbwtis.sys [2012-10-24 86816]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-12-16 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2012-12-16 42096]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gfiark;gfiark;C:\windows\System32\drivers\gfiark.sys [2013-1-23 38096]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-12-16 243712]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-18 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-01-24 14:38:14 -------- d-----w- C:\Users\Candace\AppData\Roaming\Malwarebytes

2013-01-24 14:38:08 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-24 14:38:05 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-01-24 14:38:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-24 14:37:48 -------- d-----w- C:\Users\Candace\AppData\Local\Programs

2013-01-24 00:38:19 750592 ----a-w- C:\windows\System32\win32spl.dll

2013-01-24 00:36:34 424448 ----a-w- C:\windows\System32\KernelBase.dll

2013-01-24 00:34:21 38096 ----a-w- C:\windows\System32\drivers\gfiark.sys

2013-01-24 00:32:56 -------- d-----w- C:\ProgramData\GFI Software

2013-01-24 00:32:48 68608 ----a-w- C:\windows\System32\taskhost.exe

2013-01-24 00:32:47 3149824 ----a-w- C:\windows\System32\win32k.sys

2013-01-24 00:31:56 47496 ----a-w- C:\windows\System32\sbbd.exe

2013-01-24 00:31:14 -------- d-----w- C:\ProgramData\Downloaded Installations

2013-01-24 00:30:28 -------- d-----w- C:\Program Files (x86)\GFI Software

2013-01-24 00:30:17 -------- d-----w- C:\Users\Candace\AppData\Roaming\GFI Software

2013-01-23 22:55:27 -------- d-----w- C:\Users\Candace\AppData\Local\LogMeIn Rescue Applet

2013-01-23 22:52:43 -------- d-----w- C:\ProgramData\AMMYY

2013-01-22 18:58:29 -------- d-----w- C:\Users\Candace\AppData\Local\Deployment

2013-01-22 18:58:29 -------- d-----w- C:\Users\Candace\AppData\Local\Apps

2013-01-16 02:53:35 -------- d-----w- C:\Users\Candace\AppData\Local\Macromedia

2013-01-13 02:41:31 -------- d-----w- C:\Users\Candace\AppData\Roaming\WildTangent

2013-01-12 13:54:58 -------- d-----w- C:\Users\Candace\AppData\Local\Diagnostics

2013-01-11 16:44:31 -------- d-----w- C:\Program Files (x86)\Yahoo!

2013-01-11 15:43:03 -------- d-----w- C:\Users\Candace\AppData\Local\Adobe

2013-01-09 13:34:08 492032 ----a-w- C:\windows\SysWow64\win32spl.dll

2013-01-09 13:33:55 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll

2013-01-09 13:33:39 55296 ----a-w- C:\windows\SysWow64\cero.rs

2013-01-09 13:33:39 51712 ----a-w- C:\windows\SysWow64\esrb.rs

2013-01-09 13:33:39 23552 ----a-w- C:\windows\System32\oflc.rs

2013-01-09 13:33:00 3072 ---ha-w- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-09 13:33:00 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2013-01-08 17:48:17 -------- d-----w- C:\ProgramData\VirtualizedApplications

2013-01-08 15:37:53 -------- d-----w- C:\Users\Candace\AppData\Roaming\SoftGrid Client

2013-01-08 15:37:53 -------- d-----w- C:\Users\Candace\AppData\Local\SoftGrid Client

2013-01-08 15:36:45 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-01-08 15:36:23 -------- d-----w- C:\Users\Candace\AppData\Roaming\TP

2013-01-06 22:17:15 -------- d-----w- C:\f4d7b4a507489b0c85813f58fb

2013-01-04 00:45:29 -------- d-----w- C:\Program Files (x86)\Tango

2013-01-04 00:45:26 -------- d-----w- C:\Users\Candace\AppData\Local\tango

2013-01-03 14:46:22 -------- d-----w- C:\Users\Candace\AppData\Local\CrashDumps

2012-12-26 01:25:25 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A60723F8-CCE6-4DA8-8830-CA2D730D7947}\mpengine.dll

.

==================== Find3M ====================

.

2013-01-10 13:27:33 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-10 13:27:33 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-12-17 00:58:48 174200 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS

2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs

2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs

2012-12-07 10:46:42 43520 ----a-w- C:\windows\SysWow64\csrr.rs

2012-12-07 10:46:42 30720 ----a-w- C:\windows\SysWow64\usk.rs

2012-12-07 10:46:41 45568 ----a-w- C:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46:41 44544 ----a-w- C:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46:41 23552 ----a-w- C:\windows\SysWow64\oflc.rs

2012-12-07 10:46:41 20480 ----a-w- C:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46:40 20480 ----a-w- C:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46:39 46592 ----a-w- C:\windows\SysWow64\fpb.rs

2012-12-07 10:46:39 20480 ----a-w- C:\windows\SysWow64\pegi.rs

2012-12-07 10:46:38 21504 ----a-w- C:\windows\SysWow64\grb.rs

2012-12-07 10:46:37 40960 ----a-w- C:\windows\SysWow64\cob-au.rs

2012-12-07 10:46:37 15360 ----a-w- C:\windows\SysWow64\djctq.rs

2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll

2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-11-01 05:43:42 2002432 ----a-w- C:\windows\System32\msxml6.dll

2012-11-01 05:43:42 1882624 ----a-w- C:\windows\System32\msxml3.dll

2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2012-10-30 03:33:16 47496 ----a-w- C:\windows\SysWow64\sbbd.exe

.

============= FINISH: 10:19:26.00 ===============

Link to post
Share on other sites

this was from attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/16/2012 6:13:11 PM

System Uptime: 1/24/2013 8:49:33 AM (2 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Pentium® CPU B950 @ 2.10GHz | CPU | 2100/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 284 GiB total, 238.727 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP14: 1/14/2013 10:09:20 AM - Windows Modules Installer

RP15: 1/14/2013 10:58:29 AM - Windows Modules Installer

RP16: 1/24/2013 7:51:04 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X MUI

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Atheros Bluetooth Filter Driver Package

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Atheros Driver Installation Program

Bejeweled 3

Bluetooth Stack for Windows by Toshiba

Bonjour

Chuzzle Deluxe

Conexant HD Audio

D3DX10

FATE - The Traitor Soul

Fishdom 2

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 25

Junk Mail filter update

Label@Once 1.0

Malwarebytes Anti-Malware version 1.70.0.1100

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 18.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Norton Internet Security

ooVoo

ooVoo toolbar, powered by Ask.com Updater

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Polar Bowler

QuickTime

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Skype Click to Call

Skype Launcher

Skype™ 6.0

Synaptics Pointing Device Driver

Tango

Tom Clancy's Splinter Cell

Toshiba App Place

TOSHIBA Application Installer

TOSHIBA Assist

Toshiba Book Place

TOSHIBA Bulletin Board

TOSHIBA Disc Creator

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Laptop Checkup

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

Toshiba Online Backup

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Resolution+ Plug-in for Windows Media Player

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TOSHIBA Wireless LAN Indicator

TOSHIBARegistration

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

VIPRE Antivirus

Virtual Villagers 5 - New Believers

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

1/24/2013 8:50:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

1/24/2013 8:50:35 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/24/2013 8:44:50 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/24/2013 8:35:27 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/24/2013 8:35:20 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\athihvs.dll Error Code: 21

1/24/2013 8:35:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/24/2013 8:35:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/24/2013 8:35:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/24/2013 8:35:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/24/2013 8:35:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6

1/24/2013 8:35:01 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

1/23/2013 7:24:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64

1/20/2013 12:27:14 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.5 with the system having network hardware address 74-E1-B6-AA-B7-2C. Network operations on this system may be disrupted as a result.

.

==== End Of File ===========================

Link to post
Share on other sites

this was from mabam-log-2013-01-24 (09-51-15)

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.24.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Candace :: CANDACE-PC [administrator]

Protection: Enabled

1/24/2013 9:51:15 AM

mbam-log-2013-01-24 (09-51-15).txt

Scan type: Full scan (C:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 395020

Time elapsed: 2 hour(s), 14 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. My suggestion is to uninstall VIPRE Antivirus and to keep Norton Internet Security, but only if you have license for it, if not uninstall it.

Also, please uninstall:

Ask Toolbar

ooVoo toolbar, powered by Ask.com Updater

Finally, restart your computer.

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 4

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log
  • a new fresh DDS log

Link to post
Share on other sites

this is /

this is from jrt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.5.0 (01.23.2013:2)

OS: Windows 7 Home Premium x64

Ran by Candace on Fri 01/25/2013 at 12:31:15.52

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 01/25/2013 at 12:41:32.40

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

\\\\\\\

Link to post
Share on other sites

this is mbam-log-2-013-01-25 (12-52-39)

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.25.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Candace :: CANDACE-PC [administrator]

Protection: Enabled

1/25/2013 12:52:39 PM

mbam-log-2013-01-25 (12-52-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231316

Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

this is from eset online

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6889

# api_version=3.0.2

# EOSSerial=88d15dab79475e4c987b2ef49726668e

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-25 11:47:43

# local_time=2013-01-25 06:47:43 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 0 110701113 0 0

# scanned=177647

# found=1

# cleaned=1

# scan_time=10447

C:\Backup_16-Dec-12\Candace\AppData\Local\Google\Chrome\User Data\Default\Default\aadcgbdadagfgbdidfdddgdgdegegdda\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) F49BAD3EB51E48D9DE6E2BE85C30A3DADECF5379 C

Link to post
Share on other sites

this is attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/16/2012 6:13:11 PM

System Uptime: 1/25/2013 12:27:17 PM (7 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Pentium® CPU B950 @ 2.10GHz | CPU | 1281/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 284 GiB total, 235.184 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP14: 1/14/2013 10:09:20 AM - Windows Modules Installer

RP15: 1/14/2013 10:58:29 AM - Windows Modules Installer

RP16: 1/24/2013 7:51:04 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X MUI

Apple Mobile Device Support

Apple Software Update

Atheros Bluetooth Filter Driver Package

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Atheros Driver Installation Program

Bejeweled 3

Bluetooth Stack for Windows by Toshiba

Bonjour

Chuzzle Deluxe

Conexant HD Audio

D3DX10

ESET Online Scanner v3

FATE - The Traitor Soul

Fishdom 2

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 25

Junk Mail filter update

Label@Once 1.0

Malwarebytes Anti-Malware version 1.70.0.1100

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 18.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

ooVoo

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Polar Bowler

QuickTime

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Skype Click to Call

Skype Launcher

Skype™ 6.0

Synaptics Pointing Device Driver

Tango

Tom Clancy's Splinter Cell

Toshiba App Place

TOSHIBA Application Installer

TOSHIBA Assist

Toshiba Book Place

TOSHIBA Bulletin Board

TOSHIBA Disc Creator

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Laptop Checkup

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

Toshiba Online Backup

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Resolution+ Plug-in for Windows Media Player

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TOSHIBA Wireless LAN Indicator

TOSHIBARegistration

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

Virtual Villagers 5 - New Believers

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Messenger

Yahoo! Software Update

Zuma's Revenge

.

==== End Of File ===========================

Link to post
Share on other sites

this is dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Candace at 19:34:07 on 2013-01-25

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1584 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\windows\system32\Dwm.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\ooVoo\ooVoo.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\windows\system32\wuauclt.exe

C:\windows\explorer.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.toshiba.com/

uDefault_Page_URL = hxxp://start.toshiba.com

mStart Page = hxxp://www.yahoo.com/?ilc=8

mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8

uProxyOverride = <local>;*.local

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: NameServer = 209.18.47.61 209.18.47.62 0.0.0.0

TCP: Interfaces\{493D5611-3FA5-449E-AA1C-62393E38B3D3} : DHCPNameServer = 209.18.47.61 209.18.47.62 0.0.0.0

TCP: Interfaces\{493D5611-3FA5-449E-AA1C-62393E38B3D3}\7602462757D6D6F6E646 : DHCPNameServer = 192.168.2.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://start.toshiba.com/

x64-mDefault_Page_URL = hxxp://start.toshiba.com/

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Candace\AppData\Roaming\Mozilla\Firefox\Profiles\zw5bw0qb.default\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: 2012-12-16 18:16; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn

FF - ExtSQL: 2013-01-11 10:02; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn

.

============= SERVICES / DRIVERS ===============

.

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-24 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-24 682344]

R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-12-16 123320]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-12-16 126392]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-16 2656280]

R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-12-16 9216]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-1-24 24176]

R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-12-16 38096]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-12-16 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2012-12-16 42096]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-12-16 243712]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-18 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-01-25 20:51:52 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C72A9F3-0DE9-4639-94A4-E520AB8B2BF6}\offreg.dll

2013-01-25 18:02:07 -------- d-----w- C:\Program Files (x86)\ESET

2013-01-25 17:31:14 -------- d-----w- C:\windows\ERUNT

2013-01-25 17:30:31 -------- d-----w- C:\JRT

2013-01-25 17:25:13 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C72A9F3-0DE9-4639-94A4-E520AB8B2BF6}\mpengine.dll

2013-01-25 13:11:28 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2013-01-24 14:38:14 -------- d-----w- C:\Users\Candace\AppData\Roaming\Malwarebytes

2013-01-24 14:38:08 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-24 14:38:05 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-01-24 14:38:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-24 14:37:48 -------- d-----w- C:\Users\Candace\AppData\Local\Programs

2013-01-24 00:38:19 750592 ----a-w- C:\windows\System32\win32spl.dll

2013-01-24 00:36:34 424448 ----a-w- C:\windows\System32\KernelBase.dll

2013-01-24 00:32:48 68608 ----a-w- C:\windows\System32\taskhost.exe

2013-01-24 00:32:47 3149824 ----a-w- C:\windows\System32\win32k.sys

2013-01-24 00:31:14 -------- d-----w- C:\ProgramData\Downloaded Installations

2013-01-23 22:55:27 -------- d-----w- C:\Users\Candace\AppData\Local\LogMeIn Rescue Applet

2013-01-23 22:52:43 -------- d-----w- C:\ProgramData\AMMYY

2013-01-22 18:58:29 -------- d-----w- C:\Users\Candace\AppData\Local\Deployment

2013-01-22 18:58:29 -------- d-----w- C:\Users\Candace\AppData\Local\Apps

2013-01-16 02:53:35 -------- d-----w- C:\Users\Candace\AppData\Local\Macromedia

2013-01-13 02:41:31 -------- d-----w- C:\Users\Candace\AppData\Roaming\WildTangent

2013-01-12 13:54:58 -------- d-----w- C:\Users\Candace\AppData\Local\Diagnostics

2013-01-11 16:44:31 -------- d-----w- C:\Program Files (x86)\Yahoo!

2013-01-11 15:43:03 -------- d-----w- C:\Users\Candace\AppData\Local\Adobe

2013-01-09 13:34:08 492032 ----a-w- C:\windows\SysWow64\win32spl.dll

2013-01-09 13:33:55 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll

2013-01-09 13:33:39 55296 ----a-w- C:\windows\SysWow64\cero.rs

2013-01-09 13:33:39 51712 ----a-w- C:\windows\SysWow64\esrb.rs

2013-01-09 13:33:39 23552 ----a-w- C:\windows\System32\oflc.rs

2013-01-09 13:33:00 3072 ---ha-w- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-09 13:33:00 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2013-01-08 17:48:17 -------- d-----w- C:\ProgramData\VirtualizedApplications

2013-01-08 15:37:53 -------- d-----w- C:\Users\Candace\AppData\Roaming\SoftGrid Client

2013-01-08 15:37:53 -------- d-----w- C:\Users\Candace\AppData\Local\SoftGrid Client

2013-01-08 15:36:45 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-01-08 15:36:23 -------- d-----w- C:\Users\Candace\AppData\Roaming\TP

2013-01-06 22:17:15 -------- d-----w- C:\f4d7b4a507489b0c85813f58fb

2013-01-04 00:45:29 -------- d-----w- C:\Program Files (x86)\Tango

2013-01-04 00:45:26 -------- d-----w- C:\Users\Candace\AppData\Local\tango

2013-01-03 14:46:22 -------- d-----w- C:\Users\Candace\AppData\Local\CrashDumps

.

==================== Find3M ====================

.

2013-01-10 13:27:33 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-10 13:27:33 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs

2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs

2012-12-07 10:46:42 43520 ----a-w- C:\windows\SysWow64\csrr.rs

2012-12-07 10:46:42 30720 ----a-w- C:\windows\SysWow64\usk.rs

2012-12-07 10:46:41 45568 ----a-w- C:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46:41 44544 ----a-w- C:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46:41 23552 ----a-w- C:\windows\SysWow64\oflc.rs

2012-12-07 10:46:41 20480 ----a-w- C:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46:40 20480 ----a-w- C:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46:39 46592 ----a-w- C:\windows\SysWow64\fpb.rs

2012-12-07 10:46:39 20480 ----a-w- C:\windows\SysWow64\pegi.rs

2012-12-07 10:46:38 21504 ----a-w- C:\windows\SysWow64\grb.rs

2012-12-07 10:46:37 40960 ----a-w- C:\windows\SysWow64\cob-au.rs

2012-12-07 10:46:37 15360 ----a-w- C:\windows\SysWow64\djctq.rs

2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll

2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-11-01 05:43:42 2002432 ----a-w- C:\windows\System32\msxml6.dll

2012-11-01 05:43:42 1882624 ----a-w- C:\windows\System32\msxml3.dll

2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

.

============= FINISH: 19:34:35.71 ===============

Link to post
Share on other sites

I guess we found the problem:

C:\Backup_16-Dec-12\Candace\AppData\Local\Google\Chrome\User Data\Default\Default\aadcgbdadagfgbdidfdddgdgdegegdda\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) F49BAD3EB51E48D9DE6E2BE85C30A3DADECF5379 C

It was in your backup. Please reset your Chrome for sure.

http://googlechrometutorial.com/google-chrome-initial-settings/Google-chrome-reset-default-page-settings.html

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.