Mandient Cyber Security Virus
<blockquote data-quote="pennie59" data-source="post: 143863" data-attributes="member: 14789"><p>Here it is:</p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01</p><p>Ran by SYSTEM on MININT-G8RTUGR on 12-11-2013 16:56:10</p><p>Running from F:\</p><p>Windows 7 Home Premium (X64) OS Language: English(US)</p><p>Internet Explorer Version 10</p><p>Boot Mode: Recovery</p><p></p><p>The current controlset is ControlSet002</p><p><strong>ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [] - [x]</p><p>HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [566184 2010-09-28] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosNC] - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)</p><p>HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA 
Corporation)</p><p>HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()</p><p>HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch</p><p>HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)</p><p>HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)</p><p>HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()</p><p>HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)</p><p>HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)</p><p>HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)</p><p>HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)</p><p>HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [3218792 2010-08-17] (Toshiba)</p><p>HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)</p><p>HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150016 2008-08-20] 
(Hewlett-Packard)</p><p>HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-22] (AVG Technologies CZ, s.r.o.)</p><p>HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)</p><p>HKLM-x32\...\Run: [Adobe Photo Downloader] - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [67752 2006-12-22] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)</p><p>HKU\Will\...\Winlogon: [Shell] explorer.exe,C:\Users\Will\AppData\Roaming\cache.dat [99328 2013-11-10] () <==== ATTENTION </p><p>AppInit_DLLs: [0 ] ()</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()</p><p>S2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)</p><p>S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)</p><p>S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)</p><p>S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)</p><p>S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)</p><p>S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)</p><p>S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)</p><p>S2 Winmgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft 
Corporation)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)</p><p>S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-19] (AVG Technologies CZ, s.r.o.)</p><p>S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-19] (AVG Technologies CZ, s.r.o.)</p><p>S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-19] (AVG Technologies CZ, s.r.o.)</p><p>S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-19] (AVG Technologies CZ, s.r.o.)</p><p>S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-06-30] (AVG Technologies CZ, s.r.o.)</p><p>S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-04] (AVG Technologies CZ, s.r.o.)</p><p>S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)</p><p>S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-11-12 16:56 - 2013-11-12 16:56 - 00000000 ____D C:\FRST</p><p>2013-11-11 14:21 - 2013-11-11 14:21 - 00000000 __SHD C:\found.000</p><p>2013-11-10 20:50 - 2013-11-10 12:50 - 00099328 ____R C:\Users\Will\AppData\Roaming\cache.dat</p><p>2013-11-10 17:48 - 2013-11-10 17:48 - 00000000 _____ C:\Windows\System32\startmenu</p><p>2013-11-10 12:55 - 2013-11-11 16:45 - 00001042 _____ C:\Windows\setupact.log</p><p>2013-11-10 12:55 - 2013-11-10 12:55 - 00000000 _____ C:\Windows\setuperr.log</p><p>2013-11-10 12:54 - 2013-11-10 12:54 - 00023932 _____ C:\Windows\PFRO.log</p><p>2013-11-10 12:51 - 2013-11-12 00:36 - 00000004 _____ C:\Users\Will\AppData\Roaming\cache.ini</p><p>2013-11-10 08:59 - 2013-11-10 08:59 - 00000000 ____D 
C:\Users\Will\AppData\Local\{ADFC733B-A2B4-4B54-81B2-51C3E0F0F477}</p><p>2013-11-09 18:38 - 2013-11-09 18:38 - 00001514 _____ C:\Users\Will\Desktop\VP-6150 - Shortcut.lnk</p><p>2013-11-09 16:08 - 2013-11-09 16:08 - 00000000 ____D C:\Users\Will\AppData\Local\{9BE74857-C16E-48A1-9C09-C2A5E76BC15A}</p><p>2013-11-08 16:17 - 2013-11-08 16:17 - 00004021 _____ C:\Users\Will\Desktop\VP-6066 - Shortcut.lnk</p><p>2013-11-08 16:17 - 2013-11-08 16:17 - 00004021 _____ C:\Users\Will\Desktop\VP-6064 - Shortcut.lnk</p><p>2013-11-08 16:17 - 2013-11-08 16:17 - 00004021 _____ C:\Users\Will\Desktop\VP-6060 - Shortcut.lnk</p><p>2013-10-27 06:03 - 2013-10-27 06:03 - 00000000 ____D C:\Users\Will\AppData\Local\{B4750301-9965-45CB-8D72-B0E4E61247B1}</p><p>2013-10-25 06:04 - 2013-10-25 06:04 - 00000000 ____D C:\Users\Will\AppData\Local\{D0C3B92C-83E8-4CB7-9AB0-6D7B4E6260F8}</p><p>2013-10-24 15:23 - 2013-10-24 15:23 - 00000000 ____D C:\Users\Will\AppData\Local\{8DB9A031-6834-4805-A82D-BC3AB544EB84}</p><p>2013-10-16 14:51 - 2013-10-16 14:51 - 00000000 ____D C:\Users\Will\AppData\Local\{F04691BB-C1B0-4A29-85E0-886EDE601867}</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-11-12 16:56 - 2013-11-12 16:56 - 00000000 ____D C:\FRST</p><p>2013-11-12 00:38 - 2011-09-30 07:28 - 01102296 _____ C:\Windows\WindowsUpdate.log</p><p>2013-11-12 00:36 - 2013-11-10 12:51 - 00000004 _____ C:\Users\Will\AppData\Roaming\cache.ini</p><p>2013-11-12 00:36 - 2011-10-08 14:17 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-11-12 00:35 - 2011-10-08 14:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-11-12 00:24 - 2011-10-06 12:58 - 00000000 ____D C:\ProgramData\MFAData</p><p>2013-11-12 00:10 - 2012-04-03 14:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2013-11-11 16:53 - 2009-07-13 20:45 - 00015792 ____H 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-11-11 16:53 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-11-11 16:45 - 2013-11-10 12:55 - 00001042 _____ C:\Windows\setupact.log</p><p>2013-11-11 16:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2013-11-11 14:21 - 2013-11-11 14:21 - 00000000 __SHD C:\found.000</p><p>2013-11-10 18:16 - 2013-09-24 15:46 - 00000000 ____D C:\Windows\pss</p><p>2013-11-10 17:48 - 2013-11-10 17:48 - 00000000 _____ C:\Windows\System32\startmenu</p><p>2013-11-10 12:55 - 2013-11-10 12:55 - 00000000 _____ C:\Windows\setuperr.log</p><p>2013-11-10 12:54 - 2013-11-10 12:54 - 00023932 _____ C:\Windows\PFRO.log</p><p>2013-11-10 12:50 - 2013-11-10 20:50 - 00099328 ____R C:\Users\Will\AppData\Roaming\cache.dat</p><p>2013-11-10 08:59 - 2013-11-10 08:59 - 00000000 ____D C:\Users\Will\AppData\Local\{ADFC733B-A2B4-4B54-81B2-51C3E0F0F477}</p><p>2013-11-10 08:29 - 2013-07-20 16:54 - 00000000 ____D C:\Users\Will\Desktop\Desktop Files</p><p>2013-11-09 18:38 - 2013-11-09 18:38 - 00001514 _____ C:\Users\Will\Desktop\VP-6150 - Shortcut.lnk</p><p>2013-11-09 16:08 - 2013-11-09 16:08 - 00000000 ____D C:\Users\Will\AppData\Local\{9BE74857-C16E-48A1-9C09-C2A5E76BC15A}</p><p>2013-11-08 20:31 - 2011-10-06 13:06 - 00000000 ____D C:\Users\Will\Documents\Outlook Files</p><p>2013-11-08 20:14 - 2012-09-22 17:37 - 00000000 ____D C:\Users\Will\AppData\Local\DFE3E515-0A23-4D06-A2A7-1FC162D3F453.aplzod</p><p>2013-11-08 16:17 - 2013-11-08 16:17 - 00004021 _____ C:\Users\Will\Desktop\VP-6066 - Shortcut.lnk</p><p>2013-11-08 16:17 - 2013-11-08 16:17 - 00004021 _____ C:\Users\Will\Desktop\VP-6064 - Shortcut.lnk</p><p>2013-11-08 16:17 - 2013-11-08 16:17 - 00004021 _____ C:\Users\Will\Desktop\VP-6060 - Shortcut.lnk</p><p>2013-11-08 15:35 - 2011-10-05 14:26 - 00000000 ____D C:\users\Will</p><p>2013-10-27 
06:03 - 2013-10-27 06:03 - 00000000 ____D C:\Users\Will\AppData\Local\{B4750301-9965-45CB-8D72-B0E4E61247B1}</p><p>2013-10-25 06:04 - 2013-10-25 06:04 - 00000000 ____D C:\Users\Will\AppData\Local\{D0C3B92C-83E8-4CB7-9AB0-6D7B4E6260F8}</p><p>2013-10-24 15:23 - 2013-10-24 15:23 - 00000000 ____D C:\Users\Will\AppData\Local\{8DB9A031-6834-4805-A82D-BC3AB544EB84}</p><p>2013-10-16 14:51 - 2013-10-16 14:51 - 00000000 ____D C:\Users\Will\AppData\Local\{F04691BB-C1B0-4A29-85E0-886EDE601867}</p><p>2013-10-13 10:30 - 2011-10-08 14:17 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2013-10-13 10:30 - 2011-10-08 14:17 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p></p><p>Files to move or delete:</p><p>====================</p><p>C:\Users\Will\AppData\Roaming\cache.dat</p><p>C:\Users\Will\AppData\Roaming\cache.ini</p><p>C:\ProgramData\brgldb.ctrl</p><p>C:\ProgramData\brgldb.pff</p><p>C:\ProgramData\rljw9to.ctrl</p><p>C:\ProgramData\rljw9to.pff</p><p></p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\Will\AppData\Local\Temp\advanced-systemcare.exe</p><p></p><p></p><p>==================== Known DLLs (Whitelisted) ================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => 
MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points =========================</p><p></p><p>13</p><p>Restore point made on: 2013-10-31 18:51:35</p><p>Restore point made on: 2013-11-01 18:33:48</p><p>Restore point made on: 2013-11-02 19:17:50</p><p>Restore point made on: 2013-11-03 16:20:49</p><p>Restore point made on: 2013-11-04 16:05:04</p><p>Restore point made on: 2013-11-05 16:32:29</p><p>Restore point made on: 2013-11-06 16:55:14</p><p>Restore point made on: 2013-11-08 00:00:20</p><p>Restore point made on: 2013-11-09 06:32:30</p><p>Restore point made on: 2013-11-10 00:00:23</p><p>Restore point made on: 2013-11-11 16:52:45</p><p>Restore point made on: 2013-11-12 00:00:20</p><p>Restore point made on: 2013-11-12 00:38:36</p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 14%</p><p>Total physical RAM: 3893.86 MB</p><p>Available physical RAM: 3324.71 MB</p><p>Total Pagefile: 3892.01 MB</p><p>Available Pagefile: 3307.32 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.87 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (TI106033W0C) (Fixed) (Total:278.32 GB) (Free:151.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive d: (TOSHIBA System Volume) (Fixed) (Total:1.46 GB) (Free:1.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive f: () (Removable) (Total:14.53 GB) (Free:14.52 GB) FAT32</p><p>Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk 
ID: EF6DE949)</p><p>Partition 1: (Active) - (Size=1 GB) - (Type=27)</p><p>Partition 2: (Not Active) - (Size=278 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=18 GB) - (Type=17)</p><p></p><p>========================================================</p><p>Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)</p><p>Partition 1: (Active) - (Size=15 GB) - (Type=0C)</p><p></p><p></p><p>LastRegBack: 2013-11-09 21:24</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>