rich2dive

About rich2dive

  • Rank
    New Member
  1. Hi Maurice, after consideration, we have decided to reduce the risk and restore the computer back to the factory setting and out-of-the-box state. Thank you for your time and advice.
  2. I finished with your instructions. Emergency Kit Scanner found 3 trojans and rootkit.mbr.pihar.g. Ready for the next step. PS: after reboot the desktop started normal and changed to black. Thanks
  3. Thank you for the quick reply.... I want to ask if you foresee any troubles. This is on my parents' computer and I use Citrix (gotomypc) to do support (yes 3000 mi). I can get them to SAFE Mode, and probably start that service (have not tried before). As for Spybot, is it enough to exit the app? I am not sure it auto starts in Safe Mode.
  4. Computer was infected with Justice Department Money Pak Virus. Started computer in SAFE mode and ran Malwarebytes Pro to remove. All appeared to work fine a fix the problem. However, the Desktop continues to return to black even after resetting to a picture. Also, (but guessing not actually related) PUP.datamngr continues to reinsert itself in the Registry after Malwarebytes removes it. Your help is appreciated. Here are the DDS files: DDS.TXT DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2 Run by Admin at 10:31:36 on 2013-02-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6047.3890 [GMT -7:00] . AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . 
C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\ThpSrv.exe C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\taskeng.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\TOSHIBA\TECO\Teco.exe C:\Windows\System32\ThpSrv.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\igfxext.exe C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe C:\Program Files (x86)\Browny02\BrYNSvc.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe C:\Program Files (x86)\Microsoft Office\Office11\WINWORD.EXE C:\windows\splwow64.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Citrix\GoToMyPC\g2mainh.exe C:\Program Files (x86)\Citrix\GoToMyPC\g2host.exe C:\Program Files (x86)\Citrix\GoToMyPC\g2audioh.exe C:\Program Files (x86)\Citrix\GoToMyPC\g2printh.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://start.toshiba.com uDefault_Page_URL = hxxp://start.toshiba.com uProxyOverride = <local> mWinlogon: Userinit = userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet 
Security\Engine\19.9.1.14\coieplg.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin mRun: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN mRun: [Carbonite Backup] C:\Program 
Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe mRun: [bYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" dRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 75.75.75.75 
75.75.76.76 TCP: Interfaces\{AB17C26D-C9BB-4BF5-88C3-934B7AD094BA} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{AB17C26D-C9BB-4BF5-88C3-934B7AD094BA}\34F657274797162746 : DHCPNameServer = 10.71.0.1 TCP: Interfaces\{AB17C26D-C9BB-4BF5-88C3-934B7AD094BA}\377716 : DHCPNameServer = 10.60.0.1 TCP: Interfaces\{AB17C26D-C9BB-4BF5-88C3-934B7AD094BA}\45865614574786F627964797C414E4 : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{AB17C26D-C9BB-4BF5-88C3-934B7AD094BA}\47F627F67657563747 : DHCPNameServer = 170.92.160.9 170.92.160.1 170.92.16.42 170.92.16.43 TCP: Interfaces\{AB17C26D-C9BB-4BF5-88C3-934B7AD094BA}\86F6D656F5E65647F577962756C6563737 : DHCPNameServer = 192.168.2.1 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: SDWinLogon - SDWinLogon.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-mStart Page = hxxp://start.toshiba.com/ x64-mDefault_Page_URL = hxxp://start.toshiba.com/ x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - 
C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg58atyr.default\ FF - prefs.js: browser.startup.homepage - hxxp://start.toshiba.com FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\NP4nEISb.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-02-16 08:24; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn FF - ExtSQL: 2013-02-16 11:43; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn . ============= SERVICES / DRIVERS =============== . 
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192] R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120] R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-23 36992] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-12 1388120] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130215.002\IDSviA64.sys [2013-2-16 513184] R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072] R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-20 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-20 682344] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-10-20 132056] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC 
Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-11-14 126392] R2 risdxc;risdxc;C:\windows\System32\drivers\risdxc64.sys [2011-11-14 101888] R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-20 1103392] R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-20 1369624] R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-20 168384] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-14 2656280] R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-12-8 245760] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-26 138912] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-1-20 24176] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-10 82432] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-11-14 38096] R3 
Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-11-14 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-2-6 572928] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-1 340240] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-1-20 19456] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-1-20 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-1-20 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-2 1255736] S4 wlcrasvc;Windows 
Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-02-17 03:42:52 0 ----a-w- C:\windows\SysWow64\sho7171.tmp 2013-02-16 20:10:15 -------- d-----w- C:\Users\Admin\AppData\Local\Macromedia 2013-02-16 20:03:54 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2013-02-16 20:03:45 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-14 18:32:30 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 18:32:30 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 14:52:46 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-02-13 14:52:45 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 14:52:45 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-02-13 14:52:37 3153408 ----a-w- C:\windows\System32\win32k.sys 2013-02-13 14:52:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-02-13 14:52:35 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-02-13 14:52:35 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-02-13 14:52:35 215040 ----a-w- C:\windows\System32\winsrv.dll 2013-02-13 14:52:35 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-02-13 14:52:35 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-02-13 14:52:34 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS 2013-02-13 14:52:34 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-02-13 05:13:58 0 ----a-w- C:\windows\SysWow64\shoC7E1.tmp 2013-02-13 02:59:53 0 ----a-w- C:\windows\SysWow64\shoE984.tmp 2013-02-13 00:44:40 0 ----a-w- C:\windows\SysWow64\sho77D8.tmp 2013-02-08 23:40:10 0 ----a-w- C:\windows\SysWow64\sho155D.tmp 2013-02-07 00:53:54 0 ----a-w- C:\windows\SysWow64\shoDE0A.tmp 2013-02-05 23:39:17 737952 ----a-w- C:\windows\System32\drivers\NISx64\1309010.00E\srtsp64.sys 2013-02-05 23:39:17 451192 ----a-r- C:\windows\System32\drivers\NISx64\1309010.00E\symds64.sys 2013-02-05 23:39:17 
405624 ----a-w- C:\windows\System32\drivers\NISx64\1309010.00E\symnets.sys 2013-02-05 23:39:17 37536 ----a-w- C:\windows\System32\drivers\NISx64\1309010.00E\srtspx64.sys 2013-02-05 23:39:17 190072 ----a-w- C:\windows\System32\drivers\NISx64\1309010.00E\ironx64.sys 2013-02-05 23:39:17 167072 ----a-w- C:\windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys 2013-02-05 23:39:17 1129120 ----a-w- C:\windows\System32\drivers\NISx64\1309010.00E\symefa64.sys 2013-02-05 23:39:09 -------- d-----w- C:\windows\System32\drivers\NISx64\1309010.00E 2013-02-05 02:13:58 0 ----a-w- C:\windows\SysWow64\sho328C.tmp 2013-02-02 01:27:59 0 ----a-w- C:\windows\SysWow64\sho2FDE.tmp 2013-01-28 01:44:10 0 ----a-w- C:\windows\SysWow64\sho7CF7.tmp 2013-01-24 03:59:19 0 ----a-w- C:\windows\SysWow64\sho8B00.tmp 2013-01-23 03:44:36 0 ----a-w- C:\windows\SysWow64\sho6089.tmp 2013-01-22 10:40:34 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes 2013-01-22 10:38:24 -------- d-----w- C:\Users\Admin\AppData\Roaming\Garmin 2013-01-22 10:37:55 -------- d-----w- C:\Users\Admin\AppData\Local\Scansoft 2013-01-22 10:37:49 -------- d-----w- C:\Users\Admin\AppData\Local\TOSHIBA 2013-01-22 10:36:13 -------- d-----w- C:\Users\Admin\AppData\Local\VirtualStore 2013-01-22 05:24:26 0 ----a-w- C:\windows\SysWow64\sho63F2.tmp 2013-01-20 22:49:09 0 ----a-w- C:\windows\SysWow64\shoBC5C.tmp 2013-01-20 22:32:01 -------- d-----w- C:\TDSSKiller_Quarantine 2013-01-20 17:48:07 0 ----a-w- C:\windows\SysWow64\sho7E92.tmp 2013-01-20 16:45:04 -------- d-----w- C:\ProgramData\Malwarebytes 2013-01-20 16:45:02 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-01-20 16:45:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-01-20 16:18:44 96768 ----a-w- C:\windows\SysWow64\sspicli.dll 2013-01-20 16:18:44 458712 ----a-w- C:\windows\System32\drivers\cng.sys 2013-01-20 16:18:44 340992 ----a-w- C:\windows\System32\schannel.dll 2013-01-20 16:18:44 247808 ----a-w- 
C:\windows\SysWow64\schannel.dll
2013-01-20 16:18:44 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-01-20 16:18:44 154480 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2013-01-20 16:18:44 1448448 ----a-w- C:\windows\System32\lsasrv.dll
2013-01-20 16:18:43 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2013-01-20 16:18:43 366592 ----a-w- C:\windows\System32\qdvd.dll
2013-01-20 13:58:44 0 ----a-w- C:\windows\SysWow64\sho1209.tmp
2013-01-20 13:40:37 0 ----a-w- C:\windows\SysWow64\shoA786.tmp
2013-01-20 12:50:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-20 12:48:23 17272 ----a-w- C:\windows\System32\sdnclean64.exe
2013-01-20 12:48:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
.
==================== Find3M ====================
.
2013-02-16 20:03:39 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-02-09 17:54:22 74096 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 17:54:22 697712 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-08 04:20:56 0 ----a-w- C:\windows\SysWow64\sho70E9.tmp
2012-12-07 15:15:20 0 ----a-w- C:\windows\SysWow64\shoBB72.tmp
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 14:38:25 0 ----a-w- C:\windows\SysWow64\shoD690.tmp
2012-11-23 03:13:57 68608 ----a-w- C:\windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
.
============= FINISH: 10:32:10.62 ===============

Attach.txt :
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/14/2011 11:31:39 AM
System Uptime: 2/17/2013 8:01:48 AM (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core i5-2435M CPU @ 2.40GHz | Socket BGA1023 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 580 GiB total, 515.729 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP192: 2/5/2013 5:17:13 PM - Scheduled Checkpoint
RP193: 2/13/2013 1:42:19 PM - Scheduled Checkpoint
RP194: 2/14/2013 8:44:02 AM - Windows Update
RP195: 2/16/2013 1:03:07 PM - Installed Java 7 Update 13
RP196: 2/16/2013 1:05:21 PM - Removed Java 6 Update 25
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Bejeweled 3
Brother MFL-Pro Suite MFC-J415W
Carbonite
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
D3DX10
DefaultTab Chrome
EReport
EReport 1.0.61
FATE - The Traitor Soul
Final Media Player 2012
Fishdom 2
Garmin Lifetime Updater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMyPC
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® WiDi
Intel® Wireless Display
Java 7 Update 13
Java Auto Updater
Java 6 Update 25
Junk Mail filter update
LG Verizon United Drivers
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access database engine 2007 (English)
Microsoft Office Click-to-Run 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Starter 2010 - English
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2009
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton PC Checkup
PaperPort Image Printer 64-bit
Penguins!
PL-2303 USB-to-Serial
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
RICOH Media Driver v2.15.17.02
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype Launcher
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Tom Clancy's Splinter Cell
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Security Assist
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBA Wireless LAN Indicator
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
XFINITY Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/17/2013 8:03:17 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
2/17/2013 10:32:15 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume TI106235W0C.
2/16/2013 8:36:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/16/2013 8:36:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/16/2013 8:36:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/16/2013 8:36:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
2/16/2013 8:36:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/16/2013 8:35:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6
2/16/2013 8:35:26 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2013 8:35:23 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 21
2/16/2013 8:35:18 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
2/15/2013 8:44:52 PM, Error: Service Control Manager [7023] - The Google Update Service (gupdate) service terminated with the following error: %%-2147467243
2/14/2013 11:45:06 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
2/13/2013 11:00:21 PM, Error: Service Control Manager [7030] - The DefaultTabSearch service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/12/2013 12:40:45 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
2/12/2013 12:40:45 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================
  5. Computer was infected with Justice Department Money Pak Virus. Started computer in SAFE mode and ran Malwarebytes Pro to remove. All appeared to work fine and fix the problem. However, the Desktop continues to return to black even after resetting to a picture. Also, (but guessing not actually related) PUP.datamngr continues to reinsert itself in the Registry after Malwarebytes removes it. Your help is appreciated.