1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Weird occurence

Discussion in 'Virus & Other Malware Removal' started by Veryfrustratedus, Feb 10, 2014.

Thread Status:
Not open for further replies.
Advertisement
  1. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
    The problem is something Terry Net called. In our exchange of posts my seeking to find how an individual email went missing from my Client Sent items folder he determined that it is probable someone has had access to my machine probably installing a remote access. I will copy this to the top of the post that opens when I click this link.

    Hi, I have noticed that my sent items box in my email client (windows mail) seems to be missing emails I sent. I wanted to know if there is some way for recipients to delete themselves from a senders client? This has happened before during a long legal process mostly conducted by email and on that occasion most of the emails for the 9 months of that interaction went missing from my client and my server. My ISP concast refused to help find out how that selective removal from the server happened. If I had to guess someone has created an app or program that does this. I realise it is illegal but if legality were no problem this site would not exist. On a different tack; if my questions do not go anywhere and assuming it to be true (it is) that the sent email is missing from my client (I have not noticed anything else missing) how might that be done? I don't need instructions just the general way so that I can figure out how to prove it and protect from it. Anyway seems very weird for this one email to go missing from my sent items box. I noticed this because I wanted to check exactly what I had written before following up. I sent it about 5 days ago.
     
  2. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    77,184
    First Name:
    Terry
    Is this POP or IMAP?

    If POP I don't know any way that somebody could delete message(s) from an email client other than to have access to your computer. "Access" could mean logged in or to have physical access. And, as far as I know, your Sent messages would not be on the mail server at all.

    If IMAP and your folders are synced with the server than in addition to the above somebody could conceivably hack into your account (without access to your computer) and delete message(s).

    Of course, we cannot rule out glitches, hiccups, disk defects and other unexpected events.
     
  3. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
    HI thanks for responding so quickly. It is POP3. Um I wasn't clear I did not mean the emails that disappeared form the server included the sent items. They were pretty much just the received emails involved in the legal matter and a few random others to make it look "normal" I would guess. BTW at that time those same emails and the replies (sent items) which I had saved in the client got removed from the client leaving other emails from that time period intact. I figure it was a hacking. What is even more weird is that I had saved those emails into a documents folder and they were safe after I noticed the loss, but it turned up empty when I went back to look for something a few months later. Weird huh? EDIT Any ideas how I might determine if my server account is being hacked? I already know concats will be no help.
     
  4. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    77,184
    First Name:
    Terry
    Sounds like somebody had access to your machine. And maybe left behind some kind of remote connection software or spyware that permits him/her to continue to login.

    Going forward make sure any important data, including mail messages, contacts, bookmarks (or "favorites"), are saved to an external hard drive, USB flash drive, DVD or other media not normally connected to the computer. USB flash drive is not considered safe for long term storage, but it's better than nothing.

    If you want help determining if there is some malware ...

    Read Everyone MUST read this BEFORE posting for help in this forum and post the requested information here. When I see that you have posted the information I will move this thread to the Virus & Other Malware Removal forum.

    Bump your thread there once a day--no more often--until you get a reply. They're kinda busy over there.

    Otherwise, I think there is nothing to do unless you can convince a law enforcement agency to get involved.
     
  5. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
    Thank You. That is weird. The only way I can figure it happened is that either someone broke into my home when I was out or I downloaded something.
    Here's Sys Info
    Tech Support Guy System Info Utility version 1.0.0.2 OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 64 bit Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz, Intel64 Family 6 Model 15 Stepping 13 Processor Count: 2 RAM: 3963 Mb Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1853 Mb Hard Drives: C: Total - 142858 MB, Free - 83379 MB; Motherboard: TOSHIBA, Portable PC Antivirus: Microsoft Security Essentials, Updated and Enabled
     
  6. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
    Edit 3
    The problem is something Terry Net called. In our exchange of posts my seeking to find how an individual email went missing from my Client Sent items folder he determined that it is probable someone has had access to my machine probably installing a remote access. I will copy this to the top of the post that opens when I click this link
    .

    GMER would not run. I logged off and closed all windows and the email client and it still would not run. It started then ran a few seconds and I got the 'p8kmbrvk.exe has stopped working' message offering to look online for a solution. Edit I have tried GMER with IE same result.
    Edit 2 That Ask toolbar was a mistake during some update process I thought I had deleted it in process it but I can see it now on control panel. There is also a google update in the HJT list which I do not think should be there I removed google earth and do not use any other google product.

    Here is the rest

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:59:16 PM, on 2/10/2014
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19489)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\user2\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: Ghostery BHO - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
    O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~2\PEOPLE~1\PRPL_I~1.DLL (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Filter hijack: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8891 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.6001.19489 BrowserJavaVersion: 10.51.2
    Run by user2 at 13:00:34 on 2014-02-10
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3963.2440 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\consent.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = Preserve
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe,
    BHO: Ghostery Add-On: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
    BHO: Accelerator Plugin: {656EC4B7-072B-4698-B504-2A414C1F0037} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [TOSCDSPD] TOSCDSPD.EXE
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{C12D3495-9B83-4917-A534-5FCF1ED20B86} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
    x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [RtHDVCpl] RAVCpl64.exe
    x64-Run: [Skytel] Skytel.exe
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\user2\AppData\Roaming\Mozilla\Firefox\Profiles\y89g7629.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: network.proxy.ftp - 80.192.41.229
    FF - prefs.js: network.proxy.ftp_port - 3128
    FF - prefs.js: network.proxy.socks - 80.192.41.229
    FF - prefs.js: network.proxy.socks_port - 3128
    FF - prefs.js: network.proxy.ssl - 80.192.41.229
    FF - prefs.js: network.proxy.ssl_port - 3128
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-18 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-18 178624]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2012-3-4 504912]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-1-10 166352]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
    R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-18 46392]
    R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2008-8-18 8704]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-3-4 89920]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
    S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-8-18 248320]
    S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-8-18 237568]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2014-02-05 03:34:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-05 03:34:12 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-01-14 20:58:54 86054176 ----a-w- C:\Windows\System32\mrt.exe
    2014-01-04 18:25:30 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2013-12-19 05:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-12-19 05:04:13 264616 ----a-w- C:\Windows\SysWow64\javaws.exe
    2013-12-19 05:04:09 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
    2013-12-19 05:03:46 174504 ----a-w- C:\Windows\SysWow64\java.exe
    .
    ============= FINISH: 13:01:12.80 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista&#8482; Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/4/2012 12:49:16 PM
    System Uptime: 2/10/2014 7:32:37 AM (6 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 140 GiB total, 81.42 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Atheros AR5007EG Wireless Network Adapter
    Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7128144F&REV_01\4&C8C337F&0&00E1
    Manufacturer: Atheros Communications Inc.
    Name: Atheros AR5007EG Wireless Network Adapter
    PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7128144F&REV_01\4&C8C337F&0&00E1
    Service: athr
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    7-Zip 9.20 (x64 edition)
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader X (10.1.9)
    Adobe Shockwave Player 12.0
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_CDB_ToolboxIni64
    AIO_Scan
    Ask Toolbar
    Atheros Driver Installation Program
    BufferChm
    CD/DVD Drive Acoustic Silencer
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Copy
    CVE-2012-4792
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DVD MovieFactory for TOSHIBA
    ESET Online Scanner v3
    eSupportQFolder
    F300
    F300_Help
    F300Trb
    Fax
    Ghostery IE Plugin
    Google Update Helper
    HD Tune Pro 5.00
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    HP Solution Center 8.0
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Java 7 Update 51
    Java Auto Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft Office 2000 SR-1 Professional
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XML Parser
    Mozilla Firefox 27.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    QuickBooks Financial Center
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    SAMSUNG Intelli-studio
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Windows Media Encoder (KB2447961)
    SolutionCenter
    Status
    SUPERAntiSpyware
    swMSM
    Synaptics Pointing Device Driver
    Toolbox
    TOSHIBA Assist
    TOSHIBA Desktop Links
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Hardware Setup
    TOSHIBA Recovery Disc Creator
    TOSHIBA Service Station
    TOSHIBA Software Modem
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    WebReg
    Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
    Windows Media Encoder 9 Series
    .
    ==== End Of File ===========================
     
  7. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
  8. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
    Bumping
    Additional info: Update came up with 10 important updates this morning so I installed them. I hope that doesn't violate the do not change anything after posting rule.
     
  9. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
    Daily Bump da dum dump :)
     
  10. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
  11. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
  12. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
  13. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    75,946
    let me see if I can flag anyone down for you.
     
  14. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
    Thank You Valis
     
  15. Veryfrustratedus

    Veryfrustratedus Thread Starter

    Joined:
    Dec 6, 2009
    Messages:
    732
    EDIT-Sheesh in the time it took me to post that it seems to have fixed itself. AT least the Client is indicating it is working. To be clear I tried for 5 minutes closing the email client and browser several times I wasn't impatient on the first try.
    New Problem. I went offline for an hour or so and when I pugged back in my email client will not connect. I get an error message of: Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'mail.Comcast.net', Server: 'mail.Comcast.net', Protocol: POP3, Port: 110, Secure(SSL): No, Socket Error: 10053, Error Number: 0x800CCC0F

    My Browser, FF is going very very slowly I had to close it multiple times to get logged back in here. ?? Definitely weird. I am going to try to log into the server.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Weird occurence
  1. spoonthumb
    Replies:
    9
    Views:
    436
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1119633

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice