Avast scan

Hello, I just did a scan with Avast and it said some files could not be scanned, and when I checked them it said error:archive is password protected (42056). Does this mean I've got malware? Thanks, Paul

Re: Avast scan

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************************************
Let's run a few scans to see what's happening.

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

********************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

logs

# AdwCleaner v2.200 - Logfile created 04/13/2013 at 15:49:18
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Christina Curtis - TOSHIBA
# Boot Mode : Normal
# Running from : C:\Users\Christina Curtis\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit

***** [Registry] *****

Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKLM\Software\SpeedBit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.speedbit.com/tab/?s=D2Sb --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Christina Curtis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1394 octets] - [13/04/2013 15:48:42]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.13.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Christina Curtis :: TOSHIBA [administrator]

13/04/2013 16:05:08
mbam-log-2013-04-13 (16-05-08).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 449969
Time elapsed: 1 hour(s), 13 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Results of screen317's Security Check version 0.99.62
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
AVG PC TuneUp
TuneUp 2.4.6.4
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
Java(TM) 6 Update 20
Java 7 Update 17
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
IObit IObit Malware Fighter IMFsrv.exe
IObit IObit Malware Fighter IMF.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

AdwCleaner[S1].txt - [1222 octets] - [13/04/2013 15:49:18]

########## EOF - C:\AdwCleaner[S1].txt - [1282 octets] ##########

Re: Avast scan

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

log

ComboFix 13-04-12.02 - Christina Curtis 14/04/2013 0:21.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1907.619 [GMT 1:00]
Running from: c:\users\Christina Curtis\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Toshiba
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\Backup\ReelTimeMonitorData.dat
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\ReelTimeMonitorData.dat
.
---- Previous Run -------
.
c:\programdata\Toshiba\TSS\ToshibaUpdates.xml
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards.xml
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards.xml.bak
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.xml
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.xml.bak
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\Board.xml
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\board1.xml
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\Get Started Board_layer_r2_c110.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\Get Started Board_layer_r2_c20.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\Get Started Board_layer_r2_c50.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\Get Started Board_layer_r4_c70.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\Get Started Board_layer_r5_c100.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\Get Started Board_layer_r5_c40.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\Help_Top000000.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Boards\IMG_2866000000.jpg
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\screenshot.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Settings.xml
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Settings.xml.bak
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\Share.xml
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\BulletinBoard\ToshibaBoardSettings.xml
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\pcdiag\v3.0\cddrivetest.csv
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\pcdiag\v3.0\chkpc.csv
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\pcdiag\v3.0\DISPLAYTest.csv
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\pcdiag\v3.0\hddrivetest.csv
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\pcdiag\v3.0\NETTest.csv
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\pcdiag\v3.0\USBTest.csv
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\Backup\ReelTime.MRUAppData.dat
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\Backup\ReelTime.MRUFileData.dat
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\Backup\ReelTimeMonitorData.dat
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\ReelTime.MRUAppData.dat
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\ReelTime.MRUFileData.dat
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\ReelTime.setting.xml
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\ReelTimeMonitorData.dat
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\0549b94c-5672-4cd6-ba5f-0f2b9340b540.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\0de24c22-bec1-4c1f-8743-5318f372db5b.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\0f88dc3b-e3a6-46a3-9e91-128925b60cf2.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\10a5fea9-c676-4360-b7bc-79d2bfbf6b8d.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\16a6ccef-6c9b-431c-9146-15a82296a54f.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\1976849b-ec78-4b47-b300-e594ebbe6ee0.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\48d31867-fbd7-4e4a-96c2-87ae019d1304.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\568af603-d42e-475b-8e64-d5cfd83e66fa.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\58c3808e-697a-49b3-8775-8f96f4c0cb2f.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\594b443e-c159-4ce0-93ff-29477f29083e.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\6dcda95f-020f-498f-aa7f-632da3495177.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\7bd80e95-68d4-43fd-a9f3-6fa40c7df4b8.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\b7aaf9df-25f7-495d-9fb7-e0af0478e4f0.png
c:\users\Christina Curtis\AppData\Roaming\TOSHIBA\ReelTime\UserData\ea59c38a-cf06-44a5-b439-53644656f6fb.png
.
.
((((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 )))))))))))))))))))))))))))))))
.
.
2013-04-13 23:34 . 2013-04-13 23:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-13 23:34 . 2013-04-13 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-13 16:40 . 2013-04-13 19:15 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EC6C1B3-33B7-4C22-A26F-861E131AD44B}\offreg.dll
2013-04-12 12:41 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EC6C1B3-33B7-4C22-A26F-861E131AD44B}\mpengine.dll
2013-04-11 13:57 . 2013-02-22 06:57 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-04-11 13:57 . 2013-02-22 06:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-04-11 10:48 . 2013-03-19 05:54 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 10:48 . 2013-03-19 03:19 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-11 10:48 . 2013-03-19 04:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 19:04 . 2013-03-19 19:04 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 13:59 . 2012-11-06 23:19 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 13:50 . 2013-02-15 21:03 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-15 22:17 . 2012-07-25 17:39 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 22:17 . 2012-07-25 17:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 00:10 . 2012-09-01 15:19 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-06 23:33 . 2013-03-02 04:22 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-03-02 04:22 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-02-15 22:40 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2013-02-15 22:40 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2013-02-15 22:40 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2013-02-15 22:40 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2013-02-15 22:40 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2013-02-15 22:40 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2013-02-15 22:39 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2013-02-15 22:40 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-06 14:00 . 2013-03-06 14:00 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-03-06 14:00 . 2013-03-06 14:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-03-06 05:40 . 2013-03-06 05:41 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 05:39 . 2012-09-09 02:43 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 05:39 . 2010-11-10 14:39 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-28 08:36 . 2013-02-15 23:06 22664 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-02-28 07:39 . 2013-02-28 07:39 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-02-20 16:36 . 2013-02-28 09:23 237840 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-02-20 16:34 . 2013-02-28 09:22 120080 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-02-20 16:34 . 2013-02-20 16:34 131856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-02-19 16:14 . 2013-02-19 16:14 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-01-15 18:49 . 2013-02-23 03:36 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-24 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-02 946352]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-02 1234216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 aswVmm;aswVmm; [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-02-20 131856]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-22 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-06-20 20592]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 13:31 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 22:17]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-24 16:01]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-24 16:01]
.
2013-04-12 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2010-09-28 566184]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-05-10 915320]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 570680]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-04-14 00:52:00
ComboFix-quarantined-files.txt 2013-04-13 23:51
ComboFix2.txt 2012-11-13 22:12
.
Pre-Run: 103,351,455,744 bytes free
Post-Run: 102,933,286,912 bytes free
.
- - End Of File - - E68B643C8DFD1386579A27E3DAAED597

Re: Avast scan
Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

log
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..

.
Windows 7 Home Edition (6.1.7600)
[32_bits] - Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
.
C:\ [Fixed-NTFS] .. ( Total:149 Go - Free:95 Go )
D:\ [Fixed-NTFS] .. ( Total:148 Go - Free:133 Go )
E:\ [CD_Rom]
.
Scan : 12:30.55
Path : C:\Users\Christina Curtis\Downloads\Rooter.exe
User : Christina Curtis ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe??$ (364)
Locked csrss.ex??$ (488)
Locked wininit.??$ (532)
Locked csrss.ex??$ (552)
Locked services??$ (588)
Locked lsass.ex??$ (608)
Locked lsm.exe (616)
Locked svchost.??$ (724)
Locked ASCServi??$ (780)
Locked winlogon??$ (824)
Locked svchost.??$ (912)
Locked svchost.??$ (996)
Locked svchost.??$ (376)
Locked svchost.??$ (496)
Locked audiodg.??$ (896)
Locked svchost.??$ (1048)
Locked svchost.??$ (1176)
Locked AvastSvc??$ (1292)
Locked spoolsv.??$ (1484)
Locked svchost.??$ (1512)
Locked SASCore6??$ (1592)
Locked AppleMob??$ (1616)
Locked mDNSResp??$ (1648)
Locked svchost.??$ (1764)
Locked RIconMan??$ (1800)
Locked LMS.exe (1852)
Locked mbamsche??$ (1884)
Locked mbamserv??$ (1904)
Locked SeaPort.??$ (1948)
Locked TODDSrv.??$ (1568)
Locked TosCoSrv??$ (2064)
Locked TuneUpUt??$ (2152)
Locked svchost.??$ (2172)
Locked SearchIn??$ (2200)
Locked svchost.??$ (3108)
Locked WmiPrvSE??$ (3720)
Locked CFIWmxSv??$ (4064)
Locked CFSvcs.e??$ (2616)
Locked NASvc.ex??$ (3344)
Locked UNS.exe (3588)
Locked wmpnetwk??$ (3608)
Locked WmiPrvSE??$ (980)
______ ??!1?????? (1528)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2896)
______ ??!1?????? (1968)
______ ??!1?????? (1080)
______ ??!1?????? (1400)
______ ??!1?????? (1412)
______ ??!1?????? (3544)
______ ??!1?????? (2852)
______ ??!1?????? (3120)
______ ??!1?????? (4060)
______ ??!1?????? (3088)
______ ??!1?????? (2612)
______ ??!1?????? (3500)
______ ??!1?????? (3860)
______ ??!1?????? (3468)
______ ??!1?????? (2892)
______ C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (3448)
______ ??!1?????? (3516)
______ ??!1?????? (4128)
Locked taskeng.??$ (4164)
______ C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (4328)
Locked Monitor.??$ (4344)
______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (4476)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4488)
______ C:\Program Files\AVAST Software\Avast\AvastUI.exe (4496)
______ ??!1?????? (4656)
______ ??!1?????? (4716)
______ ??!1?????? (4760)
______ C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (4796)
______ C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (5016)
Locked iPodServ??$ (4968)
______ C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (5068)
Locked svchost.??$ (4256)
______ ??!1?????? (5496)
______ C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (5536)
______ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (6020)
Locked dllhost.??$ (6056)
Locked TrustedI??$ (5452)
______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5464)
Locked TMachInf??$ (5788)
______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5564)
______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5160)
______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (184)
Locked TosSmart??$ (5136)
______ ??!1?????? (4140)
______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5924)
______ C:\Users\Christina Curtis\Downloads\Rooter.exe (4216)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:419430400)
\Device\Harddisk0\Partition2 (Start_Offset:420478976 | Length:160035766272)
\Device\Harddisk0\Partition3 (Start_Offset:160456245248 | Length:159616335872)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\ParetoLogic Registration3.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\TaskDisabled
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 12:31.13
.
C:\Rooter$\Rooter_1.txt - (15/04/2013 | 12:31.13)

Re: Avast scan
How's your computer running now?

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the [image: EsetOnline] button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

• Check [image: EsetAcceptTerms]
• Click the [image: EsetStart] button.
• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check [image: EsetScanArchives]
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push [image: EsetListThreats]
• Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the [image: EsetBack] button.
• Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Avast scan
My computer's running better, thanks. I did a scan with ESET and no threats were found. Bye

Re: Avast scan
Ok, let's do some cleanup.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
***********************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
********************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Avast scan
I tried to remove ComboFix but it didn't work; it just said this program might not have installed correctly.

Re: Avast scan
paulray wrote:
I tried to remove ComboFix but it didn't work; it just said this program might not have installed correctly.

That's correct; it was installed in downloads instead of the desktop.
You can look in Programs and Features and uninstall it if it's there, or you can delete the program.

Re: Avast scan
I know it's in downloads but after I give permission to make changes to my computer nothing happens. I've looked in programs but can't find it. Is it because I didn't use the links you said and used the ComboFix I had installed from before? Also, how do I uninstall Rooter?

Re: Avast scan
paulray wrote:
I know it's in downloads but after I give permission to make changes to my computer nothing happens. I've looked in programs but can't find it. Is it because I didn't use the links you said and used the ComboFix I had installed from before? Also, how do I uninstall Rooter?

If it's not in Program Files it can be found on your desktop. In that case, just delete the program from your desktop or delete it from your C drive.
