Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Had laptop fixed now its slow [Solved]


  • This topic is locked This topic is locked

#31
dustypink

dustypink

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 432 posts
<?xml version="1.0" encoding="UTF-16"?>
 
-<mbam-log>
 
 
-<header>
 
<date>2014/04/15 14:58:14 +0100</date>
 
<log>mbam-log-2014-04-15 (13-42-30).xml</log>
 
<isadmin>yes</isadmin>
 
</header>
 
 
-<engine>
 
<version>2.00.1.1004</version>
 
<rules-database>v2014.04.15.05</rules-database>
 
<swissarmy-database>v2014.03.27.01</swissarmy-database>
 
<license>trial</license>
 
<file-protection>enabled</file-protection>
 
<web-protection>enabled</web-protection>
 
<self-protection>disabled</self-protection>
 
</engine>
 
 
-<system>
 
<osversion>Windows 7 Service Pack 1</osversion>
 
<arch>x64</arch>
 
<username>Toshiba</username>
 
<filesys>NTFS</filesys>
 
</system>
 
 
-<summary>
 
<type>threat</type>
 
<result>completed</result>
 
<objects>276663</objects>
 
<time>4529</time>
 
<processes>0</processes>
 
<modules>0</modules>
 
<keys>0</keys>
 
<values>0</values>
 
<datas>0</datas>
 
<folders>0</folders>
 
<files>1</files>
 
<sectors>0</sectors>
 
</summary>
 
 
-<options>
 
<memory>enabled</memory>
 
<startup>enabled</startup>
 
<filesystem>enabled</filesystem>
 
<archives>enabled</archives>
 
<rootkits>disabled</rootkits>
 
<deeprootkit>disabled</deeprootkit>
 
<shuriken>enabled</shuriken>
 
<pup>enabled</pup>
 
<pum>enabled</pum>
 
</options>
 
 
-<items>
 
 
-<file>
 
<path>C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Preferences</path>
 
<vendor>PUP.Optional.FunMoods.A</vendor>
 
<action/>
 
<baddata> "startup_urls": [ "http://searchfunmood...B&cr=2049315635" ],</baddata>
 
<gooddata/>
 
<hash>821ff337b1cab6801eddb7979b696997</hash>
 
</file>
 
</items>
 
</mbam-log>

  • 0

Advertisements


#32
dustypink

dustypink

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 432 posts

Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt

 

cant find the log to post


  • 0

#33
dustypink

dustypink

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 432 posts

ok laptop is running at all time slow. It took me 9 minutes to load this page. Simple places like facebook taking ages to load I can hear  the lap top chugging away like its struggling, th elittle icon then stops then everything freezes then starts again and loads up really quick. Its never been so slow


  • 0

#34
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt



cant find the log to post


Did you happen to see if it had found any threats during the scan? Also, we'll run Malwarebytes again a bit later on to check again. :thumbsup:

 

ok laptop is running at all time slow. It took me 9 minutes to load this page. Simple places like facebook taking ages to load I can hear  the lap top chugging away like its struggling, th elittle icon then stops then everything freezes then starts again and loads up really quick. Its never been so slow


Ok, let's take a deeper look. :)



Step 1: TDSSKiller Scan


Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    image000q.png
  • Put a checkmark beside loaded modules.

    2012081514h0118.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.

    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    62117367.jpg

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 2: Fresh FRST Scan

Start Farbar's Recovery Scan Tool and press the Scan button. It will scan your computer and produce one log this time.

Please post it in your next reply.


Things I need to see in your next post:

TDSSKiller Log

Fresh FRST Scan Log

  • 0

#35
dustypink

dustypink

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 432 posts

Did you happen to see if it had found any threats during the scan? Also, we'll run Malwarebytes again a bit later on to check again

 

yes 9 threats


  • 0

#36
dustypink

dustypink

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 432 posts

step 1 I clicked on TDs link and this came up

 

This webpage has a redirect loop
  • 0

#37
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

step 1 I clicked on TDs link and this came up


This webpage has a redirect loop


Ok, I've had this happen before, so let's do this. :)


Manually type this into your web browser's address bar and then hit Enter.

support.kaspersky.com/downloads/utils/tdsskiller.exe


That should work. Once you have downloaded it, please follow the instructions for running it in post #34. Also, don't forget to run a fresh Farbar's Recovery Scan tool scan and post that log as well.

Things I need to see in your next post

TDSSKiller Log

Fresh FRST Log

  • 0

#38
dustypink

dustypink

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 432 posts

TDS killer no threats and I cannot find a report to post when I clicked on report in wont let me copy and paste

 

when I rebooted before the tds scan I got the bsod


  • 0

#39
dustypink

dustypink

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 432 posts
ery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 01
Ran by Toshiba (administrator) on TOSHIBA-LAPTOP on 16-04-2014 16:18:38
Running from C:\Users\Toshiba\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Farbar) C:\Users\Toshiba\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3651715076-2135009398-3822136064-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [6032840 2013-12-19] (Safer-Networking Ltd.)
HKU\S-1-5-21-3651715076-2135009398-3822136064-1000\...\Run: [Facebook Update] => "C:\Users\Toshiba\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {ED35C8C2-EF24-4426-81B8-34EC410EE7AD} URL = 
SearchScopes: HKCU - {2BB9880B-B1A3-44E7-B737-9BC57D0524E7} URL = http://rover.ebay.co...e={searchTerms}
SearchScopes: HKCU - {EC979CB2-27EF-4114-B40F-B569AAAE26B2} URL = http://www.amazon.co...ed&linkCode=ur2
SearchScopes: HKCU - {ED35C8C2-EF24-4426-81B8-34EC410EE7AD} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Toshiba\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: hxxp://toshiba.msn.com/
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-19]
CHR Extension: (Google Drive) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-19]
CHR Extension: (YouTube) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-19]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-01-19]
CHR Extension: (Google Search) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-19]
CHR Extension: (Google Wallet) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]
CHR Extension: (Gmail) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-22]
 
==================== Services (Whitelisted) =================
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-22] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3666392 2013-12-19] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2729432 2013-12-19] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-12-19] (Safer-Networking Ltd.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-22] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-22] ()
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-16 16:17 - 2014-04-16 16:18 - 02158080 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64 (1).exe
2014-04-16 16:08 - 2014-04-16 16:08 - 00283168 _____ () C:\Windows\Minidump\041614-20420-01.dmp
2014-04-16 16:02 - 2014-04-16 16:02 - 04118280 _____ () C:\Users\Toshiba\Downloads\tdsskiller.zip
2014-04-16 16:01 - 2014-04-16 16:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Toshiba\Downloads\tdsskiller.exe
2014-04-15 15:25 - 2014-04-15 15:26 - 02347384 _____ (ESET) C:\Users\Toshiba\Downloads\esetsmartinstaller_enu (2).exe
2014-04-15 15:07 - 2014-04-15 15:07 - 02347384 _____ (ESET) C:\Users\Toshiba\Downloads\esetsmartinstaller_enu (1).exe
2014-04-15 14:58 - 2014-04-15 14:58 - 00003418 _____ () C:\mal.xml
2014-04-14 23:13 - 2014-04-14 23:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-14 23:12 - 2014-04-14 23:13 - 02347384 _____ (ESET) C:\Users\Toshiba\Downloads\esetsmartinstaller_enu.exe
2014-04-14 22:04 - 2014-04-16 16:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:04 - 2014-04-14 22:04 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 22:03 - 2014-04-14 22:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 22:03 - 2014-04-14 22:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:03 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 22:03 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 22:03 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 22:02 - 2014-04-14 22:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Toshiba\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-14 21:49 - 2014-04-14 21:49 - 00448512 _____ (OldTimer Tools) C:\Users\Toshiba\Downloads\TFC.exe
2014-04-13 16:01 - 2014-04-13 19:56 - 00002093 _____ () C:\Users\Toshiba\Desktop\fixlist.txt
2014-04-13 15:07 - 2014-04-13 15:07 - 00000000 ____D () C:\Users\Toshiba\Downloads\FRST-OlderVersion
2014-04-13 15:06 - 2014-04-13 15:06 - 00001113 _____ () C:\Users\Toshiba\Desktop\FRST64 - Shortcut.lnk
2014-04-13 15:06 - 2014-04-13 15:06 - 00001093 _____ () C:\Users\Toshiba\Desktop\FRST - Shortcut.lnk
2014-04-13 15:04 - 2014-04-13 16:02 - 00001417 _____ () C:\Users\Toshiba\Desktop\FRST64 (1) - Shortcut.lnk
2014-04-13 14:17 - 2014-04-13 14:17 - 01016261 _____ (Thisisu) C:\Users\Toshiba\Downloads\JRT (1).exe
2014-04-13 14:07 - 2014-04-13 14:07 - 00000000 ____D () C:\Windows\ERUNT
2014-04-13 14:05 - 2014-04-13 14:05 - 01016261 _____ (Thisisu) C:\Users\Toshiba\Downloads\JRT.exe
2014-04-13 14:03 - 2014-04-16 16:13 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-04-13 13:51 - 2014-04-13 13:54 - 00000000 ____D () C:\AdwCleaner
2014-04-13 13:49 - 2014-04-13 13:50 - 01426178 _____ () C:\Users\Toshiba\Downloads\adwcleaner.exe
2014-04-12 09:30 - 2014-04-12 09:30 - 00001758 _____ () C:\Users\Toshiba\Downloads\asw.txt
2014-04-12 09:30 - 2014-04-12 09:30 - 00000512 _____ () C:\Users\Toshiba\Downloads\MBR.dat
2014-04-12 09:23 - 2014-04-12 09:23 - 04745728 _____ (AVAST Software) C:\Users\Toshiba\Downloads\aswmbr.exe
2014-04-12 09:23 - 2014-04-12 09:23 - 04745728 _____ (AVAST Software) C:\Users\Toshiba\Downloads\aswmbr (1).exe
2014-04-12 09:19 - 2014-04-13 21:20 - 00043482 _____ () C:\Users\Toshiba\Downloads\Addition.txt
2014-04-12 09:17 - 2014-04-16 16:18 - 00018173 _____ () C:\Users\Toshiba\Downloads\FRST.txt
2014-04-12 09:16 - 2014-04-16 16:18 - 00000000 ____D () C:\FRST
2014-04-12 09:15 - 2014-04-13 15:07 - 02157568 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64.exe
2014-04-09 14:41 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 14:41 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 14:41 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 14:41 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 14:33 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 14:33 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 14:33 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 14:33 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 14:33 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 14:32 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 14:32 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 14:32 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 14:32 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 14:32 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 14:32 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 14:32 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 14:32 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 14:32 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 14:32 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 14:32 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 14:27 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-03 21:32 - 2014-04-16 15:37 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000UA.job
2014-04-03 21:32 - 2014-04-15 21:37 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000Core.job
2014-04-03 21:32 - 2014-04-03 21:32 - 00003916 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000UA
2014-04-03 21:32 - 2014-04-03 21:32 - 00003548 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000Core
2014-04-03 21:31 - 2014-04-03 21:31 - 00501248 _____ (Facebook Inc.) C:\Users\Toshiba\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-03-24 16:09 - 2014-03-24 16:09 - 00030208 _____ () C:\Users\Toshiba\Downloads\prison-officers-dismissed-2012-annex-a.xls
2014-03-24 15:07 - 2014-03-24 15:08 - 01737487 _____ () C:\Users\Toshiba\Downloads\tweets.zip
2014-03-22 19:27 - 2014-04-16 16:08 - 00000000 ____D () C:\Windows\Minidump
2014-03-22 19:27 - 2014-03-22 19:27 - 00282768 _____ () C:\Windows\Minidump\032214-35942-01.dmp
2014-03-22 19:26 - 2014-04-16 16:07 - 273832927 _____ () C:\Windows\MEMORY.DMP
2014-03-22 19:25 - 2014-03-22 19:25 - 00000000 _____ () C:\Users\Toshiba\AppData\Local\{305559AD-913F-4296-A97A-0677F69EAF8A}
 
==================== One Month Modified Files and Folders =======
 
2014-04-16 16:18 - 2014-04-16 16:17 - 02158080 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64 (1).exe
2014-04-16 16:18 - 2014-04-12 09:17 - 00018173 _____ () C:\Users\Toshiba\Downloads\FRST.txt
2014-04-16 16:18 - 2014-04-12 09:16 - 00000000 ____D () C:\FRST
2014-04-16 16:17 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 16:17 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 16:13 - 2014-04-13 14:03 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-04-16 16:10 - 2014-04-14 22:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 16:09 - 2014-01-19 17:00 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 16:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 16:08 - 2014-04-16 16:08 - 00283168 _____ () C:\Windows\Minidump\041614-20420-01.dmp
2014-04-16 16:08 - 2014-03-22 19:27 - 00000000 ____D () C:\Windows\Minidump
2014-04-16 16:08 - 2014-01-23 09:32 - 00012741 _____ () C:\Windows\setupact.log
2014-04-16 16:07 - 2014-03-22 19:26 - 273832927 _____ () C:\Windows\MEMORY.DMP
2014-04-16 16:04 - 2014-01-18 11:49 - 02024972 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 16:02 - 2014-04-16 16:02 - 04118280 _____ () C:\Users\Toshiba\Downloads\tdsskiller.zip
2014-04-16 16:01 - 2014-04-16 16:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Toshiba\Downloads\tdsskiller.exe
2014-04-16 15:37 - 2014-04-03 21:32 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000UA.job
2014-04-16 15:37 - 2014-01-19 17:00 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-15 21:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-04-15 21:37 - 2014-04-03 21:32 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000Core.job
2014-04-15 21:11 - 2014-01-22 21:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-15 15:26 - 2014-04-15 15:25 - 02347384 _____ (ESET) C:\Users\Toshiba\Downloads\esetsmartinstaller_enu (2).exe
2014-04-15 15:07 - 2014-04-15 15:07 - 02347384 _____ (ESET) C:\Users\Toshiba\Downloads\esetsmartinstaller_enu (1).exe
2014-04-15 14:58 - 2014-04-15 14:58 - 00003418 _____ () C:\mal.xml
2014-04-14 23:13 - 2014-04-14 23:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-14 23:13 - 2014-04-14 23:12 - 02347384 _____ (ESET) C:\Users\Toshiba\Downloads\esetsmartinstaller_enu.exe
2014-04-14 22:25 - 2014-01-23 09:32 - 00004242 _____ () C:\Windows\PFRO.log
2014-04-14 22:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2014-04-14 22:04 - 2014-04-14 22:04 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 22:04 - 2014-04-14 22:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 22:03 - 2014-04-14 22:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:03 - 2014-04-14 22:02 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Toshiba\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-14 21:49 - 2014-04-14 21:49 - 00448512 _____ (OldTimer Tools) C:\Users\Toshiba\Downloads\TFC.exe
2014-04-13 21:20 - 2014-04-12 09:19 - 00043482 _____ () C:\Users\Toshiba\Downloads\Addition.txt
2014-04-13 19:56 - 2014-04-13 16:01 - 00002093 _____ () C:\Users\Toshiba\Desktop\fixlist.txt
2014-04-13 16:02 - 2014-04-13 15:04 - 00001417 _____ () C:\Users\Toshiba\Desktop\FRST64 (1) - Shortcut.lnk
2014-04-13 15:07 - 2014-04-13 15:07 - 00000000 ____D () C:\Users\Toshiba\Downloads\FRST-OlderVersion
2014-04-13 15:07 - 2014-04-12 09:15 - 02157568 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64.exe
2014-04-13 15:06 - 2014-04-13 15:06 - 00001113 _____ () C:\Users\Toshiba\Desktop\FRST64 - Shortcut.lnk
2014-04-13 15:06 - 2014-04-13 15:06 - 00001093 _____ () C:\Users\Toshiba\Desktop\FRST - Shortcut.lnk
2014-04-13 14:17 - 2014-04-13 14:17 - 01016261 _____ (Thisisu) C:\Users\Toshiba\Downloads\JRT (1).exe
2014-04-13 14:07 - 2014-04-13 14:07 - 00000000 ____D () C:\Windows\ERUNT
2014-04-13 14:05 - 2014-04-13 14:05 - 01016261 _____ (Thisisu) C:\Users\Toshiba\Downloads\JRT.exe
2014-04-13 13:54 - 2014-04-13 13:51 - 00000000 ____D () C:\AdwCleaner
2014-04-13 13:50 - 2014-04-13 13:49 - 01426178 _____ () C:\Users\Toshiba\Downloads\adwcleaner.exe
2014-04-13 09:20 - 2014-01-22 18:19 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-13 03:18 - 2010-04-01 10:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-12 09:30 - 2014-04-12 09:30 - 00001758 _____ () C:\Users\Toshiba\Downloads\asw.txt
2014-04-12 09:30 - 2014-04-12 09:30 - 00000512 _____ () C:\Users\Toshiba\Downloads\MBR.dat
2014-04-12 09:23 - 2014-04-12 09:23 - 04745728 _____ (AVAST Software) C:\Users\Toshiba\Downloads\aswmbr.exe
2014-04-12 09:23 - 2014-04-12 09:23 - 04745728 _____ (AVAST Software) C:\Users\Toshiba\Downloads\aswmbr (1).exe
2014-04-11 08:19 - 2014-01-19 17:02 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 10:06 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 09:43 - 2014-01-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 09:31 - 2014-01-19 00:55 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 17:01 - 2014-01-19 17:22 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\FullTiltPoker
2014-04-08 17:01 - 2014-01-19 17:17 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2014-04-08 00:04 - 2014-02-28 22:19 - 00000000 ____D () C:\Users\Toshiba\AppData\Local\AuxClient
2014-04-03 23:21 - 2014-01-18 15:53 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-03 23:20 - 2014-01-18 15:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 23:20 - 2014-01-18 15:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-03 21:32 - 2014-04-03 21:32 - 00003916 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000UA
2014-04-03 21:32 - 2014-04-03 21:32 - 00003548 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3651715076-2135009398-3822136064-1000Core
2014-04-03 21:31 - 2014-04-03 21:31 - 00501248 _____ (Facebook Inc.) C:\Users\Toshiba\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-04-03 09:51 - 2014-04-14 22:03 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 22:03 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 22:03 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 06:13 - 2014-01-19 18:03 - 00000134 _____ () C:\Users\Toshiba\AppData\Roaming\WB.CFG
2014-03-31 02:16 - 2014-04-09 14:41 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 02:13 - 2014-04-09 14:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:13 - 2014-04-09 14:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 00:57 - 2014-04-09 14:41 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-28 19:32 - 2014-01-19 17:00 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 19:32 - 2014-01-19 17:00 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 08:59 - 2014-01-20 02:20 - 00000000 ____D () C:\Users\Amanda
2014-03-24 16:09 - 2014-03-24 16:09 - 00030208 _____ () C:\Users\Toshiba\Downloads\prison-officers-dismissed-2012-annex-a.xls
2014-03-24 15:08 - 2014-03-24 15:07 - 01737487 _____ () C:\Users\Toshiba\Downloads\tweets.zip
2014-03-22 19:27 - 2014-03-22 19:27 - 00282768 _____ () C:\Windows\Minidump\032214-35942-01.dmp
2014-03-22 19:25 - 2014-03-22 19:25 - 00000000 _____ () C:\Users\Toshiba\AppData\Local\{305559AD-913F-4296-A97A-0677F69EAF8A}
2014-03-20 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
 
Some content of TEMP:
====================
C:\Users\Toshiba\AppData\Local\Temp\{13126466-773D-409A-B30C-09E6F59A00B8}.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-15 20:02

  • 0

#40
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hmm...The FRST scan log is clean and you said the TDSS Killer log was clean as well. I'm starting to believe that this is a hardware problem and not a malware problem.

Let's take a look with Malwarebytes Anti-Malware as it found one threat earlier. The threats that ESET found are more than likely the quarantined files from the infections we kill earlier. Please follow the directions below.


Scan with Malwarebytes Anti Malware


Start the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot) select View Detailed Log

Select Export > Select text file and save to the desktop

Things I need to see in your next post

Malwarebyes Anti-Malware Log

  • 0

Advertisements


#41
dustypink

dustypink

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 432 posts

everytime I log off or sleep the bsod comes up this was not happening before


  • 0

#42
dustypink

dustypink

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 432 posts

I just had this lap top fitted with a new harddrive 3 months ago


  • 0

#43
dustypink

dustypink

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 432 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 17/04/2014
Scan Time: 00:55:41
Logfile: log.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.16.11
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Toshiba
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 278498
Time Elapsed: 19 min, 38 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.FunMoods.A, C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://searchfunmood...B&cr=2049315635" ],), Replaced,[b64a37c90ef2dd237266470a14f016ea]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#44
dustypink

dustypink

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 432 posts

it didnt ask to reboot


  • 0

#45
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

it didnt ask to reboot


Ok, no worries there. :) I need to take a look at these 2 files on your computer, they may have the reason for the bsod.
 

C:\Windows\Minidump\041614-20420-01.dmp
C:\Windows\Minidump\032214-35942-01.dmp


Click Start then Computer and then select C:\

Click on the Windows folder, then the Minidump folder. Left click the 041614-20420-01.dmp file and then hold the Shift key down and left click the 032214-35942-01.dmp file. This will enable you to select them both.

Release the shift key, right click and select Add to Archive.   A menu will open and in the bar with the name, give it the name minidump. Select Zip from the 3 selections just below the bar with the name. Click ok, and it will create an archive called minidump.zip.

Please attach that file in your next reply by clicking More Reply Options at the bottom right of the page, then select Attach files. Click the Browse button and then navigate to the C:\Windows\Minidump folder and select the minidump.zip folder.

 

We'll see what's in those for our next move. :thumbsup:
 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP