Jump to content

Even More Problems AFTER running Malwarebytes Anti-Malware


Recommended Posts

A few months ago I downloaded Malwarebytes Anti-Malware and ran a full scan. It identified several potential threats. I quarantined them and deleted them. Immediately afterward I started having system issues, (i.e., frequent crashes, boot-up failures, errors when starting software or when going into windows). After about a month of this, I figured I should run a system restore to a date prior to installing Malwarebytes assuming that my deleting one or more of these "potential threats" is what was causing my system problems. Unfortunately the only choices for restore dates were subsequent to my installing and running the scan.

 

One of my biggest issues is my inability to start QuickBooks--my business accounting software. I get a Windows Installer--Preparing to install message that won't go away until I close it with Task Manager.

 

Please Help! I recently ran a scan again and it found 21 more "PUP" files. I decided to just exit without deleting them, for now. I don't need any more problems

Link to post
Share on other sites

Attached are the latest logs:

 

10/29/13 is the one where it seems like the problems began.

11/4/13 was an attempt to correct the problems but it didn't find any malware.

12/2/13 (today) was to see if there was anything else. It shows 21 objects. I have not deleted them.

 

mbam-log-2013-10-29 (12-50-03).txtmbam-log-2013-11-04 (05-48-57).txtMBAM-log-2013-12-02 (20-39-39).txt

Link to post
Share on other sites

Hello HTrueOLLC! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

DDS.txt and Attach.txt files are copied and pasted below:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2

Run by Cliff at 5:02:13 on 2013-12-04

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3965.2128 [GMT -6:00]

.

AV: AVG update module *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG update module *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\System32\p2phost.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\SBC\update\SST.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe

C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

mURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll

BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

TB: NCH Toolbar: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNCH.dll

TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll

TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [CollaborationHost] C:\Windows\System32\p2phost.exe -s

uRun: [Data Backup] "C:\Program Files (x86)\Data Backup\Data Backup Client\databackup.exe" -boot 

uRun: [ROC_ROC_APR2013_AV] C:\Users\Cliff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013

uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun

uRun: [AVG-Secure-Search-Update_0913a] C:\Users\Cliff\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID 0913a

mRun: [NDSTray.exe] NDSTray.exe

mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"

mRun: [sBC_McciTrayApp] "C:\Program Files (x86)\SBC\update\SST.exe"

mRun: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"

mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:149

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{CEA8B200-FA0D-44D0-B32C-23863A268814} : DHCPNameServer = 128.249.38.101 128.249.38.102 128.249.237.101

TCP: Interfaces\{EE9B0169-6473-4439-BE8D-F45F719C9A9B} : DHCPNameServer = 192.168.1.254

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe

x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe

x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide

x64-mPolicies-Explorer: NoActiveDesktop = dword:1

x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - <orphaned>

x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - LocalServer32 - <no file>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 

x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-13 55856]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2007-8-20 531968]

R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-4-16 87600]

R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2009-2-23 26624]

R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-4-18 308296]

R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2009-12-5 376400]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]

R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]

R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]

R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2007-8-20 46392]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-10 479224]

R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-5-10 130560]

R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-5-10 483328]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2007-11-1 293376]

R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\CHDART64.sys [2008-2-1 222720]

R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-1-15 58328]

R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-1-8 51544]

R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2007-4-9 9728]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]

S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-9-3 3538480]

S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-22 301152]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate1c9c0688f8ebe14;Google Update Service (gupdate1c9c0688f8ebe14);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-18 133104]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-5-10 1858048]

S3 acsint;acsint;C:\Windows\System32\drivers\acsint64.sys [2013-2-25 49104]

S3 acsmux;acsmux;C:\Windows\System32\drivers\acsmux64.sys [2012-12-10 73168]

S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-22 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2009-2-23 937984]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-4-18 102472]

S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-4-18 40904]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-4-18 49480]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2007-12-28 391680]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-21 89920]

S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2007-8-20 248320]

S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2007-8-20 237568]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M  ====================

.

2013-11-28 17:49:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-11-28 17:49:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-26 01:32:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-11-26 01:32:26 264616 ----a-w- C:\Windows\SysWow64\javaws.exe

2013-11-26 01:32:26 175016 ----a-w- C:\Windows\SysWow64\javaw.exe

2013-11-26 01:32:26 174504 ----a-w- C:\Windows\SysWow64\java.exe

2013-11-18 02:29:40 82896128 ----a-w- C:\Windows\System32\mrt.exe

2013-11-11 11:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-10-13 15:58:41 17847296 ----a-w- C:\Windows\System32\mshtml.dll

2013-10-13 15:09:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll

2013-10-13 14:55:42 2334720 ----a-w- C:\Windows\System32\jscript9.dll

2013-10-13 14:48:43 1346560 ----a-w- C:\Windows\System32\urlmon.dll

2013-10-13 14:47:43 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-10-13 14:46:53 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-10-13 14:46:27 237056 ----a-w- C:\Windows\System32\url.dll

2013-10-13 14:44:28 85504 ----a-w- C:\Windows\System32\jsproxy.dll

2013-10-13 14:42:38 816640 ----a-w- C:\Windows\System32\jscript.dll

2013-10-13 14:42:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-10-13 14:42:11 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-10-13 14:39:50 2147840 ----a-w- C:\Windows\System32\iertutil.dll

2013-10-13 14:38:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll

2013-10-13 14:36:11 96768 ----a-w- C:\Windows\System32\mshtmled.dll

2013-10-13 14:35:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-10-13 14:29:31 248320 ----a-w- C:\Windows\System32\ieui.dll

2013-10-13 10:42:12 12344832 ----a-w- C:\Windows\SysWow64\mshtml.dll

2013-10-13 10:08:04 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll

2013-10-13 09:48:06 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-10-13 09:37:03 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll

2013-10-13 09:35:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-10-13 09:35:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-10-13 09:33:57 231936 ----a-w- C:\Windows\SysWow64\url.dll

2013-10-13 09:32:00 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll

2013-10-13 09:30:20 717824 ----a-w- C:\Windows\SysWow64\jscript.dll

2013-10-13 09:30:14 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-10-13 09:29:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-10-13 09:27:43 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll

2013-10-13 09:27:40 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll

2013-10-13 09:26:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll

2013-10-13 09:25:39 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-10-13 09:20:51 176640 ----a-w- C:\Windows\SysWow64\ieui.dll

2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-03 15:03:41 389632 ----a-w- C:\Windows\System32\gdi32.dll

2013-10-03 15:02:58 1278976 ----a-w- C:\Windows\System32\crypt32.dll

2013-10-03 12:46:36 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-10-03 12:45:45 993792 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-09-26 02:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys

2013-09-18 20:08:56 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll

2013-09-09 03:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2012-09-18 11:32:20 4096000 ----a-w- C:\Program Files (x86)\GUT4538.tmp

.

============= FINISH:  5:02:57.33 ===============

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2

Run by Cliff at 5:02:13 on 2013-12-04

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3965.2128 [GMT -6:00]

.

AV: AVG update module *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG update module *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\System32\p2phost.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\SBC\update\SST.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe

C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

mURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll

BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

TB: NCH Toolbar: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNCH.dll

TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll

TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [CollaborationHost] C:\Windows\System32\p2phost.exe -s

uRun: [Data Backup] "C:\Program Files (x86)\Data Backup\Data Backup Client\databackup.exe" -boot 

uRun: [ROC_ROC_APR2013_AV] C:\Users\Cliff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013

uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun

uRun: [AVG-Secure-Search-Update_0913a] C:\Users\Cliff\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID 0913a

mRun: [NDSTray.exe] NDSTray.exe

mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"

mRun: [sBC_McciTrayApp] "C:\Program Files (x86)\SBC\update\SST.exe"

mRun: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"

mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:149

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{CEA8B200-FA0D-44D0-B32C-23863A268814} : DHCPNameServer = 128.249.38.101 128.249.38.102 128.249.237.101

TCP: Interfaces\{EE9B0169-6473-4439-BE8D-F45F719C9A9B} : DHCPNameServer = 192.168.1.254

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe

x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe

x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide

x64-mPolicies-Explorer: NoActiveDesktop = dword:1

x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - <orphaned>

x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - LocalServer32 - <no file>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 

x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-13 55856]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2007-8-20 531968]

R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-4-16 87600]

R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2009-2-23 26624]

R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-4-18 308296]

R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2009-12-5 376400]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]

R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]

R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]

R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2007-8-20 46392]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-10 479224]

R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-5-10 130560]

R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-5-10 483328]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2007-11-1 293376]

R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\CHDART64.sys [2008-2-1 222720]

R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-1-15 58328]

R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-1-8 51544]

R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2007-4-9 9728]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]

S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-9-3 3538480]

S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-22 301152]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate1c9c0688f8ebe14;Google Update Service (gupdate1c9c0688f8ebe14);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-18 133104]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-5-10 1858048]

S3 acsint;acsint;C:\Windows\System32\drivers\acsint64.sys [2013-2-25 49104]

S3 acsmux;acsmux;C:\Windows\System32\drivers\acsmux64.sys [2012-12-10 73168]

S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-22 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2009-2-23 937984]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-4-18 102472]

S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-4-18 40904]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-4-18 49480]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2007-12-28 391680]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-21 89920]

S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2007-8-20 248320]

S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2007-8-20 237568]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M  ====================

.

2013-11-28 17:49:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-11-28 17:49:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-26 01:32:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-11-26 01:32:26 264616 ----a-w- C:\Windows\SysWow64\javaws.exe

2013-11-26 01:32:26 175016 ----a-w- C:\Windows\SysWow64\javaw.exe

2013-11-26 01:32:26 174504 ----a-w- C:\Windows\SysWow64\java.exe

2013-11-18 02:29:40 82896128 ----a-w- C:\Windows\System32\mrt.exe

2013-11-11 11:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-10-13 15:58:41 17847296 ----a-w- C:\Windows\System32\mshtml.dll

2013-10-13 15:09:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll

2013-10-13 14:55:42 2334720 ----a-w- C:\Windows\System32\jscript9.dll

2013-10-13 14:48:43 1346560 ----a-w- C:\Windows\System32\urlmon.dll

2013-10-13 14:47:43 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-10-13 14:46:53 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-10-13 14:46:27 237056 ----a-w- C:\Windows\System32\url.dll

2013-10-13 14:44:28 85504 ----a-w- C:\Windows\System32\jsproxy.dll

2013-10-13 14:42:38 816640 ----a-w- C:\Windows\System32\jscript.dll

2013-10-13 14:42:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-10-13 14:42:11 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-10-13 14:39:50 2147840 ----a-w- C:\Windows\System32\iertutil.dll

2013-10-13 14:38:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll

2013-10-13 14:36:11 96768 ----a-w- C:\Windows\System32\mshtmled.dll

2013-10-13 14:35:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-10-13 14:29:31 248320 ----a-w- C:\Windows\System32\ieui.dll

2013-10-13 10:42:12 12344832 ----a-w- C:\Windows\SysWow64\mshtml.dll

2013-10-13 10:08:04 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll

2013-10-13 09:48:06 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-10-13 09:37:03 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll

2013-10-13 09:35:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-10-13 09:35:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-10-13 09:33:57 231936 ----a-w- C:\Windows\SysWow64\url.dll

2013-10-13 09:32:00 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll

2013-10-13 09:30:20 717824 ----a-w- C:\Windows\SysWow64\jscript.dll

2013-10-13 09:30:14 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-10-13 09:29:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-10-13 09:27:43 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll

2013-10-13 09:27:40 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll

2013-10-13 09:26:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll

2013-10-13 09:25:39 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-10-13 09:20:51 176640 ----a-w- C:\Windows\SysWow64\ieui.dll

2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-03 15:03:41 389632 ----a-w- C:\Windows\System32\gdi32.dll

2013-10-03 15:02:58 1278976 ----a-w- C:\Windows\System32\crypt32.dll

2013-10-03 12:46:36 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-10-03 12:45:45 993792 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-09-26 02:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys

2013-09-18 20:08:56 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll

2013-09-09 03:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2012-09-18 11:32:20 4096000 ----a-w- C:\Program Files (x86)\GUT4538.tmp

.

============= FINISH:  5:02:57.33 ===============

Link to post
Share on other sites

Below are my last three scan logs copied and pasted beginning with the most current:

 

___________________

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.02.04

 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Cliff :: CLIFF-PC [administrator]

 

12/2/2013 5:27:41 AM

MBAM-log-2013-12-02 (20-39-39).txt

 

Scan type: Full scan (C:\|G:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 543218

Time elapsed: 2 hour(s), 25 minute(s), 59 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKLM\SOFTWARE\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb (PUP.Optional.MultiIE) -> No action taken.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 5

C:\Users\Cliff\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Cliff\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb (PUP.Optional.MultiIE) -> No action taken.

C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0 (PUP.Optional.MultiIE) -> No action taken.

C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\plugin (PUP.Optional.MultiIE) -> No action taken.

 

Files Detected: 15

C:\Users\Cliff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IH1AEBM\mism[1].exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Cliff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1VRNI4F\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Cliff\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Cliff\AppData\Local\Temp\ct3288691\ism.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Cliff\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Cliff\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Cliff\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\background.html (PUP.Optional.MultiIE) -> No action taken.

C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\contentscript.js (PUP.Optional.MultiIE) -> No action taken.

C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\icon.png (PUP.Optional.MultiIE) -> No action taken.

C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\icon128.png (PUP.Optional.MultiIE) -> No action taken.

C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\icon16.png (PUP.Optional.MultiIE) -> No action taken.

C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\icon48.png (PUP.Optional.MultiIE) -> No action taken.

C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\manifest.json (PUP.Optional.MultiIE) -> No action taken.

C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\plugin\gc_getcid.dll (PUP.Optional.MultiIE) -> No action taken.

 

(end)

 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.29.08
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Cliff :: CLIFF-PC [administrator]
 
11/4/2013 5:48:57 AM
mbam-log-2013-11-04 (05-48-57).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232163
Time elapsed: 25 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.29.08
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Cliff :: CLIFF-PC [administrator]
 
10/29/2013 12:50:03 PM
mbam-log-2013-10-29 (12-50-03).txt
 
Scan type: Full scan (C:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 511235
Time elapsed: 3 hour(s), 5 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 8
HKCR\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
HKCR\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
HKCR\DynConIE.DynConIEObject.1 (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
HKCR\DynConIE.DynConIEObject (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Program Files (x86)\UnfriendApp\IE\common.dll (PUP.Optional.SafeMonitor.A) -> Quarantined and deleted successfully.
C:\Users\Cliff\Downloads\mplayer_Setup.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
 
(end)
Link to post
Share on other sites

I did it before, but here it is, again:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 2/23/2009 4:41:54 AM

System Uptime: 12/3/2013 2:26:05 PM (15 hours ago)

.

Motherboard: TOSHIBA |  | Satellite P305D

Processor: AMD Turion 64 X2 Mobile Technology TL-60 | Socket M2/S1G1 | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 12.362 GiB free.

D: is CDROM (CDFS)

E: is Removable

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0004

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0004

Service: tunnel

.

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}

Description: A3682YS3 IDE Controller

Device ID: ACPI\PNPA000\4&5D18F2DF&0

Manufacturer: (Standard mass storage controllers)

Name: A3682YS3 IDE Controller

PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0

Service: ajzjgrp6

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP1711: 12/2/2013 8:16:45 AM - Scheduled Checkpoint

RP1712: 12/3/2013 6:07:23 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Common File Installer

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Premiere Elements 4.0

Adobe Premiere Elements 4.0 Templates

Adobe Reader X (10.1.8)

Adobe Shockwave Player 11.5

Amazon Links

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Driver Installation Program

Atheros Wi-Fi Protected Setup Library

ATI Catalyst Install Manager

AVG 2014

Battlefield Heroes

Big Fish Games: Game Manager

Bing Bar

Bing Rewards Client Installer

Bluetooth Stack for Windows by Toshiba

Bonjour

Camera Assistant Software for Toshiba

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center HydraVision Full

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CD/DVD Drive Acoustic Silencer

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client 

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Command & Conquer 3 Tiberium Wars™

Command & Conquer The First Decade

Compatibility Pack for the 2007 Office system

Conduit Engine

Conexant HD Audio

CyberLink PowerCinema for TOSHIBA

D3DX10

Data Backup

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

DVD MovieFactory for TOSHIBA

Express Burn Disc Burning Software

FamilySearch Indexing

FileZilla Client 3.3.2.1

Fitbit Connect

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

InterActual Player

iTunes

Java 7 Update 45

Java Auto Updater

Junk Mail filter update

Loki ActiveX Control

Malwarebytes Anti-Malware version 1.75.0.1300

Marvell Miniport Driver

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2003 Primary Interop Assemblies

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office File Validation Add-In

Microsoft Office Outlook Connector

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Office Suite Activation Assistant

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft UI Engine

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Works

Microsoft XML Parser

MixPad Audio Mixer

Move Media Player

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

My DSC

NCH Tone Generator

NCH Toolbar

O2Micro Flash Memory Card Reader Driver (x64)

Origin

Pixillion Image Converter

ProtectDisc Driver, Version 11

PunkBuster Services

QuickBooks

QuickBooks Pro 2010

QuickBooks Pro 99

QuickTime

Riffplayer 0.4.3

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2845142)

Segoe UI

SharpEye Music Reader 2

Skins

Skype Click to Call

Skype™ 6.0

Stronghold Crusader Extreme

Stronghold Legends

Synaptics Pointing Device Driver

Tank-o-Box

Toshiba Assist

TOSHIBA ConfigFree

TOSHIBA Desktop Links

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA Recovery Disc Creator

Toshiba Registration

TOSHIBA Service Station

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Tradewinds - Caravans

Tradewinds 2

Tradewinds Legends

Tradewinds Odyssey

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

UnfriendApp

Uninstall FamilySearch Indexing

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update Installer for WildTangent Games App

VC80CRTRedist - 8.0.50727.6195

Version 4.4 Demo

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

Visual Studio 2012 x64 Redistributables

Visual Studio 2012 x86 Redistributables

VLC media player 2.0.5

Vuze Remote Toolbar

WavePad Sound Editor

WD SmartWare

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows 7 Upgrade Advisor

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

Windows Media Lite 2.3.0

.

==== Event Viewer Messages From Past Week ========

.

12/4/2013 5:00:35 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 22 time(s).

12/4/2013 5:00:03 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 21 time(s).

12/3/2013 8:15:09 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 20 time(s).

12/3/2013 8:14:41 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 19 time(s).

12/3/2013 8:12:37 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 6 time(s).

12/3/2013 8:12:04 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 5 time(s).

12/3/2013 7:09:31 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 4 time(s).

12/3/2013 7:08:59 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 3 time(s).

12/3/2013 6:14:14 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 18 time(s).

12/3/2013 6:13:46 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 17 time(s).

12/3/2013 6:09:25 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 2 time(s).

12/3/2013 6:08:44 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 1 time(s).

12/3/2013 6:00:26 AM, Error: Service Control Manager [7034]  - The AVGIDSAgent service terminated unexpectedly.  It has done this 1 time(s).

12/3/2013 6:00:26 AM, Error: Service Control Manager [7034]  - The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).

12/3/2013 6:00:26 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgldx64

12/3/2013 6:00:26 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the WD File Management Engine service to connect.

12/3/2013 6:00:26 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.

12/3/2013 6:00:26 AM, Error: Service Control Manager [7000]  - The WD File Management Engine service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

12/3/2013 6:00:26 AM, Error: Service Control Manager [7000]  - The TOSHIBA Optical Disc Drive Service service failed to start due to the following error:  The system cannot find the path specified.

12/3/2013 5:50:30 PM, Error: Service Control Manager [7031]  - The Fitbit Connect Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

12/3/2013 5:16:12 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 16 time(s).

12/3/2013 5:15:38 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 15 time(s).

12/3/2013 3:15:05 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 14 time(s).

12/3/2013 3:14:31 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 13 time(s).

12/3/2013 11:12:51 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 10 time(s).

12/3/2013 11:12:19 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 9 time(s).

12/3/2013 10:09:44 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 8 time(s).

12/3/2013 10:09:10 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 7 time(s).

12/3/2013 1:13:57 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 12 time(s).

12/3/2013 1:13:25 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 11 time(s).

12/2/2013 10:51:50 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.

12/2/2013 10:42:09 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Cisco AnyConnect Secure Mobility Agent service to connect.

12/2/2013 10:42:09 PM, Error: Service Control Manager [7000]  - The Cisco AnyConnect Secure Mobility Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

12/2/2013 10:39:23 PM, Error: EventLog [6008]  - The previous system shutdown at 10:34:29 PM on 12/2/2013 was unexpected.

12/1/2013 2:53:22 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

11/30/2013 7:24:57 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the XAudioService service to connect.

11/30/2013 7:24:57 AM, Error: Service Control Manager [7000]  - The XAudioService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

11/30/2013 6:01:53 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0C0A3666-30C9-11D0-8F20-00805F2CD064}  to the user Cliff-PC\Cliff-alternate SID (S-1-5-21-622844284-1073897313-246545552-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/30/2013 5:57:08 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 24 time(s).

11/30/2013 5:56:37 AM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 23 time(s).

11/30/2013 10:35:29 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.

11/30/2013 10:35:29 PM, Error: Service Control Manager [7000]  - The Intuit Update Service v4 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

11/30/2013 10:34:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1c9c0688f8ebe14) service to connect.

11/30/2013 10:34:56 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate1c9c0688f8ebe14) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

11/28/2013 11:45:14 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

11/28/2013 11:45:14 AM, Error: Service Control Manager [7000]  - The iPod Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

11/28/2013 11:45:14 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

11/27/2013 9:26:47 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 30 time(s).

11/27/2013 9:26:12 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 29 time(s).

11/27/2013 7:25:39 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 28 time(s).

11/27/2013 7:24:51 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 27 time(s).

11/27/2013 5:24:06 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 26 time(s).

11/27/2013 5:23:33 PM, Error: Service Control Manager [7034]  - The Intuit QuickBooks FCS service terminated unexpectedly.  It has done this 25 time(s).

.

==== End Of File ===========================

Link to post
Share on other sites

No, you are not. If you take a look again at your DDS log files you will see that you posted the same text two times.

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 4

  • Download on the desktop RogueKiller
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
  • Note: Don't fix anything without my instructions

    In your next reply, post the following log files:

    • Junkware Removal Tool log
    • AdwCleaner log
    • Malwarebytes' Anti-Malware log
    • RogueKiller log
Link to post
Share on other sites

Here are the 4 requested files.  FYI . . . the Roguekiller website has google ads that make you think you are downloading their software but in reality you are downloading something about browser protection.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows Vista Home Premium x64

Ran by Cliff on Thu 12/05/2013 at 17:00:53.70

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D}

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitengine

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitengine

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitengine

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2117678

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2504091

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F6E12D62-5F7F-44DB-BF40-67C07FF4BF62}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Windows\Tasks\registrybooster.job

Successfully deleted: [File] "C:\end"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\big fish games"

Successfully deleted: [Folder] "C:\Users\Cliff\AppData\Roaming\registry mechanic"

Successfully deleted: [Folder] "C:\Users\Cliff\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Cliff\appdata\locallow\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\Cliff\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Cliff\appdata\locallow\conduitengine"

Successfully deleted: [Folder] "C:\Users\Cliff\appdata\locallow\vuze_remote"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"

Successfully deleted: [Folder] "C:\Program Files (x86)\vuze_remote"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"

Successfully deleted: [Empty Folder] C:\Users\Cliff\appdata\local\{02B9EA11-C9EE-467B-985C-9BB9788609BD}

Successfully deleted: [Empty Folder] C:\Users\Cliff\appdata\local\{3565E819-A319-4F32-9C2C-96D256B7137C}

Successfully deleted: [Empty Folder] C:\Users\Cliff\appdata\local\{CD259234-DD30-4EFE-9C30-E5019066B701}

Successfully deleted: [Empty Folder] C:\Users\Cliff\appdata\local\{E6F0BA9B-63E5-4A0B-A5A6-0D9C1C51251A}

 

 

 

~~~ Chrome

 

Successfully deleted: [Folder] C:\Users\Cliff\appdata\local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 12/05/2013 at 17:13:16.27

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.014 - Report created 05/12/2013 at 17:24:07

# Updated 01/12/2013 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)

# Username : Cliff - CLIFF-PC

# Running from : C:\Users\Cliff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARA4KVF5\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

[!] Folder Deleted : C:\ProgramData\AVG Security Toolbar

[!] Folder Deleted : C:\ProgramData\NCH Software

[!] Folder Deleted : C:\ProgramData\Uniblue\DriverScanner

[!] Folder Deleted : C:\Program Files (x86)\NCH Software

[!] Folder Deleted : C:\Program Files (x86)\NCH

[!] Folder Deleted : C:\Users\Cliff\AppData\Local\PackageAware

[!] Folder Deleted : C:\Users\Cliff\AppData\LocalLow\AVG Security Toolbar

[!] Folder Deleted : C:\Users\Cliff\AppData\LocalLow\NCH

[!] Folder Deleted : C:\Users\Cliff\AppData\Roaming\NCH Software

[!] Folder Deleted : C:\Users\Cliff-alternate\AppData\LocalLow\Conduit

[!] Folder Deleted : C:\Users\Cliff-alternate\AppData\LocalLow\ConduitEngine

[!] Folder Deleted : C:\Users\Cliff-alternate\AppData\LocalLow\PriceGong

[!] Folder Deleted : C:\Users\Cliff-alternate\AppData\LocalLow\Vuze_Remote

[!] Folder Deleted : C:\Users\Cliff-alternate\AppData\LocalLow\NCH

[!] Folder Deleted : C:\Users\Cliff-alternate\AppData\LocalLow\Vuze_Remote

File Deleted : C:\Users\Cliff\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Windows\System32\Tasks\NCH Software

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B61A151-5481-41D2-856D-A6D8450942CE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB40615F-6FBB-433B-96D2-83439866969B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B61A151-5481-41D2-856D-A6D8450942CE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB40615F-6FBB-433B-96D2-83439866969B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B61A151-5481-41D2-856D-A6D8450942CE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FB40615F-6FBB-433B-96D2-83439866969B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D6133A2-ED1A-4FEC-BFE7-F5F48CE2C454}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B469A121-C89F-4094-A35A-B63291B056E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{906EB786-3438-4C11-96C9-6EC38556464A}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\NCH Software

Key Deleted : HKCU\Software\AppDataLow\Software\NCH

Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\NCH Software

Key Deleted : HKLM\Software\Uniblue

Key Deleted : HKLM\Software\NCH

Key Deleted : HKLM\Software\Vuze_Remote

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlayMP3

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PremiereAdvertisingPlatform

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NCH Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar

Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16520

 

 

-\\ Google Chrome v31.0.1650.57

 

[ File : C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [8196 octets] - [05/12/2013 17:20:39]

AdwCleaner[s0].txt - [7304 octets] - [05/12/2013 17:24:07]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7364 octets] ##########

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.05.08

 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Cliff :: CLIFF-PC [administrator]

 

12/5/2013 5:48:58 PM

mbam-log-2013-12-05 (17-48-58).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 265124

Time elapsed: 19 minute(s), 29 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 2

C:\Users\Cliff\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\Cliff\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

 

Files Detected: 7

C:\Users\Cliff\Local Settings\Temporary Internet Files\Content.IE5\6IH1AEBM\mism[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\Cliff\Local Settings\Temporary Internet Files\Content.IE5\Y1VRNI4F\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\Cliff\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\Cliff\AppData\Local\Temp\ct3288691\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\Cliff\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\Cliff\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Users\Cliff\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

 

(end)

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User : Cliff [Admin rights]

Mode : Scan -- Date : 12/05/2013 19:01:17

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Cliff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x][x][x][x]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Cliff\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID 0913a [x][x][x]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-622844284-1073897313-246545552-1000\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Cliff\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x][x][x][x]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-622844284-1073897313-246545552-1000\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Cliff\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 2f77ced73be647d6a1e4523763b36a89-bffb21b6dce388d010a2d43163fae508478843d5 --CMPID 0913a [x][x][x]) -> FOUND

[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 2 ¤¤¤

[V1][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [x] -> FOUND

[V2][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [x] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

::1             localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2552GSX ATA Device +++++

--- User ---

[MBR] 497c642f29889f7ca883f7e682e8b8f7

[bSP] ee037b561e1cc4a250a936bb8b7acd13 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228386 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 470808576 | Size: 8588 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk U3 Cruzer Micro USB Device +++++

--- User ---

[MBR] 7546226e90be2dac2dca47db4c2fd459

[bSP] 788470fe12ec57aabe933cfdd9c84885 : Empty MBR Code

Partition table:

0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 245 | Size: 1952 Mo

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

Finished : << RKreport[0]_S_12052013_190117.txt >>

RKreport[0]_S_12022013_040527.txt

Link to post
Share on other sites

Thanks for your information! I have fixed my instructions to a specific links for both 32/64 bit versions.

Step 1

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

Is there an alternative to ESET online? I can't get through the whole process without crashing. Then I have to start all over again. The last I saw it had found 4 threats and was still scanning. All of them were "a variant of Win32/Toolbar.Conduit.B application". I'm trying it now, in SAFE MODE. if it gets all the way through, I'll paste the log.

Link to post
Share on other sites

Sorry about delay!

I was out of town, because of student's day here in Bulgaria.

There was something unexpected, because there is nothing such serious as a software issue to this end of system.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair

      System Restore

      Windows Complete PC Restore

      Windows Memory Diagnostic Tool

      Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013
Ran by SYSTEM on MINWINPC on 12-12-2013 03:08:30
Running from G:\
WIN_VISTA Service Pack 1 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.

==================== Registry (Whitelisted) ==================

Attention: Software hive is missing.

ATTENTION: Software hive is not loaded.

==================== Services (Whitelisted) =================

==================== Drivers (Whitelisted) ====================

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders =======

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!

==================== Restore Points  =========================

==================== BCD ================================
The boot configuration data store could not be opened.
The system cannot find the path specified.

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3965.48 MB
Available physical RAM: 3486.58 MB
Total Pagefile: 3720.23 MB
Available Pagefile: 3446.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Drives ================================

Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:1.9 GB) (Free:1.66 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.