nye2311 Posted October 17, 2013 ID:742912

I have been having random ads playing while there are no programs running. I also have a notification that pops up and says "Windows must now restart because plug and play services terminated" and then my computer restarts shortly thereafter. Can anyone help me get rid of this???

MrCharlie Posted October 17, 2013 ID:742920

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:
1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.
RogueKiller<---use this one for 64 bit systems

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

MrC

Note: Please read all of my instructions completely including these.
Make sure system restore is turned on and running
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to clean up all the tools and logs
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)

nye2311 Posted October 17, 2013 Author ID:742942

I tried scanning with no success, here is the DDS.txt and ATTACH.txt
Shared Setup Metadata MUI (English) 2007Microsoft Office Suite Activation AssistantMicrosoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2758694)MyPC BackupNikon TransferNuance PaperPort 12Nuance PDF Viewer PlusOnline Plug-inPaperPort Image Printer 64-bitPicture Control UtilityPlayReady PC Runtime amd64QuickTimeRealtek Ethernet Controller DriverRealtek WLAN DriverRegClean ProRevo Uninstaller 1.94RICOH R5U230 Media Driver ver.2.06.03.02Roxio BurnRoxio Express Labeler 3Roxio Roxio BurnRoxio Update ManagerSafariSAMSUNG USB Driver for Mobile PhonesScansoft PDF ProfessionalSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687309) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760411) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760585) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760591) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2827326) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2827329) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 
(KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2827330) 32-Bit EditionSelf-service Plug-inShutterfly Express UploaderSpelling Dictionaries Support For Adobe Reader 9StartNow ToolbarSystweak Toolbar for IETOSHIBA AssistTOSHIBA Bulletin BoardTOSHIBA ConfigFreeTOSHIBA Disc CreatorTOSHIBA DVD PLAYERTOSHIBA eco UtilityTOSHIBA Extended Tiles for Windows Mobility CenterTOSHIBA Face RecognitionTOSHIBA HDD ProtectionTOSHIBA HDD/SSD AlertTOSHIBA Media ControllerTOSHIBA PC Health MonitorTOSHIBA Recovery Media CreatorTOSHIBA ReelTimeTOSHIBA Service StationTOSHIBA USB Sleep and Charge UtilityTOSHIBA Value Added PackageTOSHIBA Web Camera ApplicationTrend Micro Titanium Maximum SecurityTrend Micro™ Titanium™ Maximum SecurityUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)ViewNXWindows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MailWindows Live MessengerWindows Live Movie MakerWindows Live Photo GalleryWindows Live Sign-in AssistantWindows Live SyncWindows Live Upload ToolWindows 
Live Writer.==== Event Viewer Messages From Past Week ========.10/17/2013 12:26:22 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The system cannot find the file specified.10/17/2013 12:23:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.10/17/2013 12:23:04 AM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/17/2013 12:22:32 AM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.10/17/2013 12:21:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.10/17/2013 12:21:53 AM, Error: Service Control Manager [7000] - The Intel® Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/17/2013 12:20:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.10/17/2013 12:20:50 AM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/17/2013 12:17:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}10/17/2013 12:17:25 AM, Error: 
Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}10/17/2013 12:17:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}10/17/2013 12:17:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}10/17/2013 12:17:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache spldr tmtdi Wanarpv610/16/2013 9:49:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.10/16/2013 9:49:17 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/16/2013 9:42:35 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.10/16/2013 9:42:35 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.10/16/2013 9:42:35 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 60000 milliseconds: Reboot the machine.10/16/2013 9:21:44 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.10/16/2013 12:20:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.10/16/2013 12:20:51 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/16/2013 12:15:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070216: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2879017).10/16/2013 11:56:41 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 60000 milliseconds: Restart the service.10/16/2013 10:04:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.10/16/2013 10:04:33 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/15/2013 7:14:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.10/15/2013 7:14:10 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/15/2013 7:13:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.10/15/2013 7:13:15 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.10/15/2013 7:13:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.10/15/2013 7:12:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.10/15/2013 7:12:40 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/15/2013 7:12:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}10/15/2013 7:12:10 
PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.10/15/2013 7:11:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.10/15/2013 7:10:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.10/14/2013 10:50:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.10/14/2013 10:49:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.10/12/2013 7:03:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.10/11/2013 2:02:24 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.10/10/2013 9:28:22 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control..==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted October 17, 2013 ID:743049

Please uninstall these from your add/remove programs:
StartNow Toolbar
Systweak Toolbar for IE

Then......

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC
nye2311 Posted October 17, 2013 Author ID:743140

I was able to remove the start now toolbar but I am unable to remove systweak toolbar.... It gives me an error message that says cannot find....

MrCharlie Posted October 17, 2013 ID:743142

Move on to AdwCleaner and MB.

MrC
nye2311 Posted October 17, 2013 Author ID:743194

Here is the report from the Rogue Killer

RogueKiller V8.7.4 _x64_ [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : wner [Admin rights]
Mode : Scan -- Date : 10/17/2013 14:45:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH][DLL] rundll32.exe -- C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll [7] -> rundll32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\windows\SysWOW64\Rundll32.exe" "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3839042453-1268691679-135452235-1000\[...]\Run : BackgroundContainer ("C:\windows\SysWOW64\Rundll32.exe" "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND
[HJ TASKMAN] HKLM\[...]\Wow6432Node\[...]\Winlogon : TaskMan () -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] BackgroundContainer Startup Task : "C:\windows\SysWOW64\Rundll32.exe" - "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] b5507210a52889c2c7446b54eadae934
[bSP] 243743416e46f951508ec056ff5df4eb : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464784 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954951680 | Size: 10655 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_10172013_144509.txt >>
MrCharlie Posted October 17, 2013 ID:743205

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC
nye2311 Posted October 17, 2013 Author ID:743212

Here is the report from ADWCleaner...

Will do MB now...
MrCharlie Posted October 17, 2013 ID:743216
OK....
MrC
nye2311 Posted October 17, 2013 Author ID:743301
Unable to finish MB scan bc the pop up message comes up and then shuts down the computer
MrCharlie Posted October 18, 2013 ID:743306
> Unable to finish MB scan bc the pop up message comes up and then shuts down the computer
What message??
Please run another scan with RogueKiller and post the new log.
MrC
nye2311 Posted October 18, 2013 Author ID:743341
RogueKiller V8.7.4 _x64_ [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : wner [Admin rights]
Mode : Scan -- Date : 10/17/2013 21:57:55
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\windows\SysWOW64\Rundll32.exe" "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3839042453-1268691679-135452235-1000\[...]\Run : BackgroundContainer ("C:\windows\SysWOW64\Rundll32.exe" "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x]) -> FOUND
[HJ TASKMAN] HKLM\[...]\Wow6432Node\[...]\Winlogon : TaskMan () -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] BackgroundContainer Startup Task : "C:\windows\SysWOW64\Rundll32.exe" - "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x] -> FOUND
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] b5507210a52889c2c7446b54eadae934
[bSP] 243743416e46f951508ec056ff5df4eb : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464784 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954951680 | Size: 10655 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_10172013_215755.txt >>
RKreport[0]_S_10172013_144509.txt;RKreport[0]_S_10172013_213842.txt
nye2311 Posted October 18, 2013 Author ID:743343
The notification that pops up says "Windows must now restart because plug and play services terminated." and then the computer restarts shortly thereafter.
MrCharlie Posted October 18, 2013 ID:743473
Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.
Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop.
Give it at least 30-45 minutes to finish if needed.
Please include the C:\ComboFix.txt in your next reply for further review.
---------->NOTE<----------
If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC
nye2311 Posted October 19, 2013 Author ID:743841
I am unable to complete the combofix scan due to the notification that continues to pop up and then restart the computer
MrCharlie Posted October 19, 2013 ID:743885
Download aswMBR to your desktop.
http://public.avast.com/~gmerek/aswMBR.exe
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
MrC
nye2311 Posted October 21, 2013 Author ID:744375
I downloaded the aswMBR and ran the scan... it ran for a while and then almost seemed to just pause.... it didn't give me a notification that the scan was completed... if that is what was supposed to happen and the scan did complete even though it didn't say it was done here is the copy of the log....
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-20 20:30:29
-----------------------------
20:30:29.632 OS Version: Windows x64 6.1.7601 Service Pack 1
20:30:29.632 Number of processors: 4 586 0x2502
20:30:29.632 ComputerName: WNER-PC UserName: wner
20:30:34.404 Initialize success
20:31:04.371 AVAST engine defs: 13102000
20:31:17.198 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:31:17.208 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
20:31:17.328 Disk 0 MBR read successfully
20:31:17.328 Disk 0 MBR scan
20:31:17.338 Disk 0 Windows VISTA default MBR code
20:31:17.368 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:31:17.398 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464784 MB offset 3074048
20:31:17.428 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10655 MB offset 954951680
20:31:17.618 Disk 0 scanning C:\windows\system32\drivers
20:31:36.994 Service scanning
20:32:13.898 Modules scanning
20:32:13.898 Disk 0 trace - called modules:
20:32:13.978 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys
20:32:13.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c1f060]
20:32:13.988 3 CLASSPNP.SYS[fffff88000dae43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004c1e060]
20:32:16.629 AVAST engine scan C:\windows
20:32:35.270 AVAST engine scan C:\windows\system32
20:37:41.502 AVAST engine scan C:\windows\system32\drivers
20:38:00.954 AVAST engine scan C:\Users\wner
20:55:19.144 File: C:\Users\wner\Desktop\iExplore.exe **INFECTED** Win32:Dropper-gen [Drp]
21:13:30.827 Disk 0 MBR has been saved successfully to "C:\Users\wner\Desktop\MBR.dat"
21:13:30.837 The log file has been saved successfully to "C:\Users\wner\Desktop\aswMBR.txt"
MrCharlie Posted October 21, 2013 ID:744488
Do you have any idea what this file is:
C:\Users\wner\Desktop\iExplore.exe
> 20:55:19.144 File: C:\Users\wner\Desktop\iExplore.exe **INFECTED** Win32:Dropper-gen [Drp]
MrC
nye2311 Posted October 22, 2013 Author ID:744784
I have no clue what it is or when/how it got there!
MrCharlie Posted October 22, 2013 ID:744786
Can you find and delete it:
C:\Users\wner\Desktop\iExplore.exe
MrC
nye2311 Posted October 22, 2013 Author ID:744926
done
MrCharlie Posted October 22, 2013 ID:744946
Do you still get the message?
MrC
nye2311 Posted October 22, 2013 Author ID:745009
Yes and ads still play
MrCharlie Posted October 22, 2013 ID:745022
What happens when you try and run ComboFix in safe mode??
MrC