Had laptop fixed now its slow [Solved]


  • This topic is locked

#16
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I run it and press fix but it says the log should be in the same place or something


Hi :)

You can find the fixlog.txt in this directory: C:\Users\Toshiba\Downloads

Also, please copy frst64.exe (it is in the same directory) to your desktop. That's where it should be running from.

To review: You should find frst64.exe in the C:\Users\Toshiba\Downloads directory along with the fixlog.txt log. Copy frst64.exe to your desktop so that when we run future fixes, it will put the logs on your desktop for easy access. :thumbsup:

Once you have copied frst64.exe to your desktop, please run a fresh scan and post it along with the fixlog.txt.

In your next post, I need to see:

fixlog.txt log

New FRST scan
  • 0


#17
dustypink

    Member

  • Topic Starter
  • Member
  • 432 posts

No, sorry, I am already confused.

I have saved FRST64 to my desktop. What shall I do now, please? There is no other list saved in my downloads.


  • 0

#18
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

No, sorry, I am already confused.

I have saved FRST64 to my desktop. What shall I do now, please? There is no other list saved in my downloads.


Ok, no worries, we'll run through the fix again. With FRST64 on your desktop, it'll work better for us. :thumbsup:
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below (do not copy the word "Quote"). To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
Task: {07E8025A-45A4-4C33-A964-22C96EE24D7F} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-01-19] (SaveSense) <==== ATTENTION
Task: {3402051E-29C9-4728-B6FA-F8FA0BED6860} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-01-19] (SaveSense) <==== ATTENTION
Task: {DBF4C8F0-7FCF-4FFB-9B3A-6B4DFB1B6115} - System32\Tasks\SaveSense => C:\Users\Toshiba\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Toshiba\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
C:\Program Files (x86)\SaveSenseLive
C:\Users\Toshiba\AppData\Roaming\SaveSense
C:\Users\Toshiba\AppData\Roaming\SAVESE~1
SearchScopes: HKCU - {7B3ACFDB-1523-4F9F-9275-BD28D033B1DC} URL =
BHO-x32: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files (x86)\SaveSense\SaveSenseIE.dll (SaveSense)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-19] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-19] (SaveSense)
S2 WajamUpdaterV3; "C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe" [X]
C:\Program Files (x86)\Wajam
2014-04-12 09:03 - 2014-01-19 17:03 - 00000300 _____ () C:\Windows\Tasks\SaveSense.job
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Fresh FRST Scan


Start FRST and press the Scan button. FRST will scan your system and produce one log this time, on your desktop, called frst.txt.

Please post that log in your next reply as well.


Things I need to see in your next post:

fixlog.txt log

Fresh frst.txt log

  • 0

#19
dustypink

    Member

  • Topic Starter
  • Member
  • 432 posts

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

I do this and it tells me there is no fixlist.txt, even though I just saved it to the desktop.


  • 0

#20
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I do this and it tells me there is no fixlist.txt, even though I just saved it to the desktop.



Let's try this: Click on the attached fixlist.txt file and when it asks if you want to save it or open it, choose save and save it to the desktop. :thumbsup:


  • 0

#21
dustypink

    Member

  • Topic Starter
  • Member
  • 432 posts

It doesn't ask me; it just opens when I click on it, though.


  • 0

#22
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Ok, when it opens, save it to the desktop as fixlist.txt, start frst and try hitting Fix again. :thumbsup:
  • 0

#23
dustypink

    Member

  • Topic Starter
  • Member
  • 432 posts

I did that and the same thing happens


  • 0

#24
dustypink

    Member

  • Topic Starter
  • Member
  • 432 posts

Oh wait, is this it?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2014 01
Ran by Toshiba at 2014-04-13 20:39:11 Run:1
Running from C:\Users\Toshiba\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
Task: {07E8025A-45A4-4C33-A964-22C96EE24D7F} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-01-19] (SaveSense) <==== ATTENTION
Task: {3402051E-29C9-4728-B6FA-F8FA0BED6860} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-01-19] (SaveSense) <==== ATTENTION
Task: {DBF4C8F0-7FCF-4FFB-9B3A-6B4DFB1B6115} - System32\Tasks\SaveSense => C:\Users\Toshiba\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Toshiba\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
C:\Program Files (x86)\SaveSenseLive
C:\Users\Toshiba\AppData\Roaming\SaveSense
C:\Users\Toshiba\AppData\Roaming\SAVESE~1
SearchScopes: HKCU - {7B3ACFDB-1523-4F9F-9275-BD28D033B1DC} URL =
BHO-x32: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files (x86)\SaveSense\SaveSenseIE.dll (SaveSense)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-19] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-19] (SaveSense)
S2 WajamUpdaterV3; "C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe" [X]
C:\Program Files (x86)\Wajam
2014-04-12 09:03 - 2014-01-19 17:03 - 00000300 _____ () C:\Windows\Tasks\SaveSense.job
End
*****************
 
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07E8025A-45A4-4C33-A964-22C96EE24D7F} => Key not found.
C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSenseLiveUpdateTaskMachineUA => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3402051E-29C9-4728-B6FA-F8FA0BED6860} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3402051E-29C9-4728-B6FA-F8FA0BED6860} => Key deleted successfully.
C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSenseLiveUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBF4C8F0-7FCF-4FFB-9B3A-6B4DFB1B6115} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBF4C8F0-7FCF-4FFB-9B3A-6B4DFB1B6115} => Key deleted successfully.
C:\Windows\System32\Tasks\SaveSense not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense => Key deleted successfully.
C:\Windows\Tasks\SaveSense.job not found.
C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job not found.
"C:\Program Files (x86)\SaveSenseLive" => File/Directory not found.
"C:\Users\Toshiba\AppData\Roaming\SaveSense" => File/Directory not found.
"C:\Users\Toshiba\AppData\Roaming\SAVESE~1" => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7B3ACFDB-1523-4F9F-9275-BD28D033B1DC} => Key deleted successfully.
HKCR\CLSID\{7B3ACFDB-1523-4F9F-9275-BD28D033B1DC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} => Key not found.
HKCR\Wow6432Node\CLSID\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
"C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk" => File/Directory not found.
savesenselive => Service not found.
savesenselivem => Service not found.
WajamUpdaterV3 => Service not found.
"C:\Program Files (x86)\Wajam" => File/Directory not found.
"C:\Windows\Tasks\SaveSense.job" => File/Directory not found.
 
==== End of Fixlog ====

  • 0
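
An added example, not part of the original thread and not FRST's own code: a small Python triage script that reads a Fixlog like the one posted above, reports the directory FRST ran from, and separates entries that were actually changed from entries that were already absent. The line layout is assumed from the log in this thread; the function names are hypothetical, and the embedded excerpt is a handful of lines copied from that log.

```python
import re
from collections import Counter

# Excerpt assembled from the Fixlog posted in this thread (shortened, not a full log).
FIXLOG_EXCERPT = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2014 01
Ran by Toshiba at 2014-04-13 20:39:11 Run:1
Running from C:\Users\Toshiba\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Toshiba\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files (x86)\Wajam
End
*****************

C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07E8025A-45A4-4C33-A964-22C96EE24D7F} => Key not found.
C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense => Key deleted successfully.
"C:\Program Files (x86)\Wajam" => File/Directory not found.
WajamUpdaterV3 => Service not found.

==== End of Fixlog ====
"""

# Result lines come in two shapes in the log above:
#   <target> => <result>.
#   <target> not found.
ARROW = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<result>.+?)\.?$')
BARE = re.compile(r'^(?P<target>.+?)\s+(?P<result>not found)\.$')


def classify(result):
    """Map a result phrase to 'changed', 'absent' or 'review'."""
    lowered = result.lower()
    if "not found" in lowered:
        return "absent"      # nothing was there to remove
    if "successfully" in lowered:
        return "changed"     # FRST moved or deleted something
    return "review"          # any wording this script does not recognise


def parse_fixlog(text):
    """Return (running_from, [(target, result, status), ...])."""
    running_from = None
    entries = []
    separators = 0           # the echoed fixlist sits between two '*****' lines
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running from "):
            running_from = line[len("Running from "):]
        if line and set(line) == {"*"}:
            separators += 1
            continue
        # Skip the header and the echoed fixlist; results start after the
        # second separator line.
        if separators < 2 or not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        match = ARROW.match(line) or BARE.match(line)
        if match:
            target = match.group("target").strip('"')
            result = match.group("result")
            entries.append((target, result, classify(result)))
        else:
            entries.append((line, "", "review"))
    return running_from, entries


def summarize(entries):
    """Count entries per status."""
    return dict(Counter(status for _, _, status in entries))


if __name__ == "__main__":
    where, items = parse_fixlog(FIXLOG_EXCERPT)
    print("FRST ran from:", where)
    print("Summary:", summarize(items))
    for target, result, status in items:
        if status != "absent":
            print(f"  [{status}] {target} ({result})")
```

Entries marked "review" are lines whose wording the script does not recognise and should be read by hand rather than counted as success.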

#25
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Awesome! :thumbsup: Now let's get a fresh frst scan and see how things look.

Start frst and press the scan button.

Frst will scan your system and produce one log. Please post it in your next reply.
  • 0


#26
dustypink

    Member

  • Topic Starter
  • Member
  • 432 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by Toshiba (administrator) on TOSHIBA-LAPTOP on 13-04-2014 21:19:31
Running from C:\Users\Toshiba\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3651715076-2135009398-3822136064-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [6032840 2013-12-19] (Safer-Networking Ltd.)
HKU\S-1-5-21-3651715076-2135009398-3822136064-1000\...\Run: [Facebook Update] - "C:\Users\Toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2BB9880B-B1A3-44E7-B737-9BC57D0524E7} URL = http://rover.ebay.co...e={searchTerms}
SearchScopes: HKCU - {EC979CB2-27EF-4114-B40F-B569AAAE26B2} URL = http://www.amazon.co...ed&linkCode=ur2
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Toshiba\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: hxxp://toshiba.msn.com/
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-19]
CHR Extension: (Google Drive) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-19]
CHR Extension: (YouTube) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-19]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-01-19]
CHR Extension: (Google Search) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-19]
CHR Extension: (Google Wallet) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]
CHR Extension: (Gmail) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-22]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-22] (AVAST Software)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3666392 2013-12-19] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2729432 2013-12-19] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-12-19] (Safer-Networking Ltd.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-22] ()
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-13 16:01 - 2014-04-13 19:56 - 00002093 _____ () C:\Users\Toshiba\Desktop\fixlist.txt
2014-04-13 15:07 - 2014-04-13 15:07 - 00000000 ____D () C:\Users\Toshiba\Downloads\FRST-OlderVersion
2014-04-13 15:06 - 2014-04-13 15:06 - 00001113 _____ () C:\Users\Toshiba\Desktop\FRST64 - Shortcut.lnk
2014-04-13 15:06 - 2014-04-13 15:06 - 00001093 _____ () C:\Users\Toshiba\Desktop\FRST - Shortcut.lnk
2014-04-13 15:04 - 2014-04-13 16:02 - 00001417 _____ () C:\Users\Toshiba\Desktop\FRST64 (1) - Shortcut.lnk
2014-04-13 14:17 - 2014-04-13 14:17 - 01016261 _____ (Thisisu) C:\Users\Toshiba\Downloads\JRT (1).exe
2014-04-13 14:07 - 2014-04-13 14:07 - 00000000 ____D () C:\Windows\ERUNT
2014-04-13 14:05 - 2014-04-13 14:05 - 01016261 _____ (Thisisu) C:\Users\Toshiba\Downloads\JRT.exe
2014-04-13 14:03 - 2014-04-13 14:03 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-04-13 13:51 - 2014-04-13 13:54 - 00000000 ____D () C:\AdwCleaner
2014-04-13 13:49 - 2014-04-13 13:50 - 01426178 _____ () C:\Users\Toshiba\Downloads\adwcleaner.exe
2014-04-12 09:30 - 2014-04-12 09:30 - 00001758 _____ () C:\Users\Toshiba\Downloads\asw.txt
2014-04-12 09:30 - 2014-04-12 09:30 - 00000512 _____ () C:\Users\Toshiba\Downloads\MBR.dat
2014-04-12 09:23 - 2014-04-12 09:23 - 04745728 _____ (AVAST Software) C:\Users\Toshiba\Downloads\aswmbr.exe
2014-04-12 09:23 - 2014-04-12 09:23 - 04745728 _____ (AVAST Software) C:\Users\Toshiba\Downloads\aswmbr (1).exe
2014-04-12 09:19 - 2014-04-12 09:21 - 00046846 _____ () C:\Users\Toshiba\Downloads\Addition.txt
2014-04-12 09:17 - 2014-04-13 21:19 - 00016966 _____ () C:\Users\Toshiba\Downloads\FRST.txt
2014-04-12 09:16 - 2014-04-13 21:19 - 00000000 ____D () C:\FRST
2014-04-12 09:15 - 2014-04-13 15:07 - 02157568 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64.exe
2014-04-09 14:41 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 14:41 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 14:41 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 14:41 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 14:33 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 14:33 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 14:33 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 14:33 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 14:33 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 14:32 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 14:32 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 14:32 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 14:32 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 14:32 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 14:32 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 14:32 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 14:32 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 14:32 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 14:32 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 14:32 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 14:27 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-03 21:32 - 2014-04-13 18:37 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000UA.job
2014-04-03 21:32 - 2014-04-13 03:15 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000Core.job
2014-04-03 21:32 - 2014-04-03 21:32 - 00003916 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000UA
2014-04-03 21:32 - 2014-04-03 21:32 - 00003548 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000Core
2014-04-03 21:31 - 2014-04-03 21:31 - 00501248 _____ (Facebook Inc.) C:\Users\Toshiba\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-03-24 16:09 - 2014-03-24 16:09 - 00030208 _____ () C:\Users\Toshiba\Downloads\prison-officers-dismissed-2012-annex-a.xls
2014-03-24 15:07 - 2014-03-24 15:08 - 01737487 _____ () C:\Users\Toshiba\Downloads\tweets.zip
2014-03-22 19:27 - 2014-03-22 19:27 - 00282768 _____ () C:\Windows\Minidump\032214-35942-01.dmp
2014-03-22 19:27 - 2014-03-22 19:27 - 00000000 ____D () C:\Windows\Minidump
2014-03-22 19:26 - 2014-03-22 19:26 - 330928399 _____ () C:\Windows\MEMORY.DMP
2014-03-22 19:25 - 2014-03-22 19:25 - 00000000 _____ () C:\Users\Toshiba\AppData\Local\{305559AD-913F-4296-A97A-0677F69EAF8A}
 
==================== One Month Modified Files and Folders =======
 
2014-04-13 21:19 - 2014-04-12 09:17 - 00016966 _____ () C:\Users\Toshiba\Downloads\FRST.txt
2014-04-13 21:19 - 2014-04-12 09:16 - 00000000 ____D () C:\FRST
2014-04-13 21:17 - 2014-01-18 11:49 - 01809129 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 20:37 - 2014-01-19 17:00 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 19:56 - 2014-04-13 16:01 - 00002093 _____ () C:\Users\Toshiba\Desktop\fixlist.txt
2014-04-13 18:49 - 2014-01-19 17:00 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-13 18:37 - 2014-04-03 21:32 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000UA.job
2014-04-13 16:02 - 2014-04-13 15:04 - 00001417 _____ () C:\Users\Toshiba\Desktop\FRST64 (1) - Shortcut.lnk
2014-04-13 15:07 - 2014-04-13 15:07 - 00000000 ____D () C:\Users\Toshiba\Downloads\FRST-OlderVersion
2014-04-13 15:07 - 2014-04-12 09:15 - 02157568 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64.exe
2014-04-13 15:06 - 2014-04-13 15:06 - 00001113 _____ () C:\Users\Toshiba\Desktop\FRST64 - Shortcut.lnk
2014-04-13 15:06 - 2014-04-13 15:06 - 00001093 _____ () C:\Users\Toshiba\Desktop\FRST - Shortcut.lnk
2014-04-13 14:17 - 2014-04-13 14:17 - 01016261 _____ (Thisisu) C:\Users\Toshiba\Downloads\JRT (1).exe
2014-04-13 14:07 - 2014-04-13 14:07 - 00000000 ____D () C:\Windows\ERUNT
2014-04-13 14:05 - 2014-04-13 14:05 - 01016261 _____ (Thisisu) C:\Users\Toshiba\Downloads\JRT.exe
2014-04-13 14:05 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 14:05 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 14:03 - 2014-04-13 14:03 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-04-13 13:59 - 2014-01-22 21:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-13 13:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 13:56 - 2014-01-23 09:32 - 00012237 _____ () C:\Windows\setupact.log
2014-04-13 13:54 - 2014-04-13 13:51 - 00000000 ____D () C:\AdwCleaner
2014-04-13 13:50 - 2014-04-13 13:49 - 01426178 _____ () C:\Users\Toshiba\Downloads\adwcleaner.exe
2014-04-13 09:20 - 2014-01-22 18:19 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-13 03:18 - 2010-04-01 10:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-13 03:15 - 2014-04-03 21:32 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000Core.job
2014-04-12 09:30 - 2014-04-12 09:30 - 00001758 _____ () C:\Users\Toshiba\Downloads\asw.txt
2014-04-12 09:30 - 2014-04-12 09:30 - 00000512 _____ () C:\Users\Toshiba\Downloads\MBR.dat
2014-04-12 09:23 - 2014-04-12 09:23 - 04745728 _____ (AVAST Software) C:\Users\Toshiba\Downloads\aswmbr.exe
2014-04-12 09:23 - 2014-04-12 09:23 - 04745728 _____ (AVAST Software) C:\Users\Toshiba\Downloads\aswmbr (1).exe
2014-04-12 09:21 - 2014-04-12 09:19 - 00046846 _____ () C:\Users\Toshiba\Downloads\Addition.txt
2014-04-11 08:19 - 2014-01-19 17:02 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 10:06 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 09:43 - 2014-01-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 09:31 - 2014-01-19 00:55 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 17:01 - 2014-01-19 17:22 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\FullTiltPoker
2014-04-08 17:01 - 2014-01-19 17:17 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2014-04-08 00:04 - 2014-02-28 22:19 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\AuxClient
2014-04-03 23:21 - 2014-01-18 15:53 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-03 23:20 - 2014-01-18 15:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 23:20 - 2014-01-18 15:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-03 21:32 - 2014-04-03 21:32 - 00003916 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000UA
2014-04-03 21:32 - 2014-04-03 21:32 - 00003548 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000Core
2014-04-03 21:31 - 2014-04-03 21:31 - 00501248 _____ (Facebook Inc.) C:\Users\Toshiba\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-03-31 06:13 - 2014-01-19 18:03 - 00000134 _____ () C:\Users\Toshiba\AppData\Roaming\WB.CFG
2014-03-31 02:16 - 2014-04-09 14:41 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 02:13 - 2014-04-09 14:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:13 - 2014-04-09 14:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 00:57 - 2014-04-09 14:41 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-28 19:32 - 2014-01-19 17:00 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 19:32 - 2014-01-19 17:00 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 08:59 - 2014-01-20 02:20 - 00000000 ____D () C:\Users\Amanda
2014-03-24 16:09 - 2014-03-24 16:09 - 00030208 _____ () C:\Users\Toshiba\Downloads\prison-officers-dismissed-2012-annex-a.xls
2014-03-24 15:08 - 2014-03-24 15:07 - 01737487 _____ () C:\Users\Toshiba\Downloads\tweets.zip
2014-03-22 19:27 - 2014-03-22 19:27 - 00282768 _____ () C:\Windows\Minidump\032214-35942-01.dmp
2014-03-22 19:27 - 2014-03-22 19:27 - 00000000 ____D () C:\Windows\Minidump
2014-03-22 19:26 - 2014-03-22 19:26 - 330928399 _____ () C:\Windows\MEMORY.DMP
2014-03-22 19:25 - 2014-03-22 19:25 - 00000000 _____ () C:\Users\Toshiba\AppData\Local\{305559AD-913F-4296-A97A-0677F69EAF8A}
2014-03-20 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
 
Some content of TEMP:
====================
C:\Users\Toshiba\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-19 02:02
 
==================== End Of Log ============================

  • 0

#27
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looking good! :thumbsup: How is the machine running?

Let's clean out the temp files and then run some scans for remnants.


Step 1: Temporary File Cleaner


Download TFC by OldTimer to your desktop.
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 2: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop



Step 3: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#28
dustypink

    Member

  • Topic Starter
  • Member
  • 432 posts

I did step 2...then rebooted now I cannot find

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop

I am going to run step 3 tonight while I am asleep as you said it takes ages so will post the file tomorrow


  • 0

#29
dustypink

    Member

  • Topic Starter
  • Member
  • 432 posts

Computer still a bit slow...every time it reboots or starts up a box opens stating Toshiba notepad has shut down and the computer takes ages to start


  • 0

#30
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I did step 2...then rebooted now I cannot find



On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop


Hi :)

Start Malwarebytes and then click the Scan button. That will bring up the Scan panel and then click on View Detailed Log to the right of the control panel. :thumbsup:



I am going to run step 3 tonight while I am asleep as you said it takes ages so will post the file tomorrow


:thumbsup:


Computer still a bit slow...every time it reboots or starts up a box opens stating Toshiba notepad has shut down and the computer takes ages to start



Ok, thank you, we may have to look a bit deeper after these scans. :)
  • 0





