pceu virus


Post by paulray on Sun Nov 11, 2012 3:21 pm

I had the PCEU virus and the only way I could unlock my laptop was to restore it. I thought the virus was gone but now it's slowly damaging it. Is there any way I can completely remove it?


Re: pceu virus

Post by Dr Jay on Sun Nov 11, 2012 5:52 pm

Let's do some trying here...

Farbar Recovery Scan Tool

Download [You must be registered and logged in to see this link.] and save it to a flash drive.


Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. [You must be registered and logged in to see this link.]

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.


Dr. Jay (DJ)



Logs

Post by paulray on Mon Nov 12, 2012 6:38 pm


Ran by SYSTEM at 2012-11-12 18:13:17
Running from G:\

================== Search: "Services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2012 02
Ran by SYSTEM at 12-11-2012 18:10:18
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [x]
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [x]
HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [x]
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [x]
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x]
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [x]
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1234216 2010-09-02] (Nero AG)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2010-03-03] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-11] ()
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [1020512 2012-11-11] ()
HKU\Christina Curtis\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Christina Curtis\...\Run: [Google Update] "C:\Users\Christina Curtis\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-13] (Google Inc.)
HKU\Default\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 IconMan_R; "C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe" [1811456 2010-08-27] (Realsil Microelectronics Inc.)
2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [103472 2012-06-15] (McAfee, Inc.)
2 Roozz Updater; "C:\Program Files (x86)\Roozz\RoozzUpdater.exe" [393216 2012-10-04] (Roozz)
3 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [124368 2010-05-11] (Toshiba Europe GmbH)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-11] ()
2 SoccerInfernoService; C:\PROGRA~2\SOCCER~2\bar\1.bin\j2barsvc.exe [x]

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-04] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-11] (AVG Technologies)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-12 10:05 - 2012-11-12 10:05 - 01461123 ____A (Farbar) C:\Users\Christina Curtis\Downloads\FRST64 (3).exe
2012-11-12 10:05 - 2012-11-12 10:05 - 00000000 ____D C:\FRST
2012-11-12 09:42 - 2012-11-12 09:42 - 01461123 ____A (Farbar) C:\Users\Christina Curtis\Downloads\FRST64 (2).exe
2012-11-12 07:00 - 2012-11-12 07:00 - 00003288 ____N C:\bootsqm.dat
2012-11-12 05:31 - 2012-11-12 05:31 - 01461123 ____A (Farbar) C:\Users\Christina Curtis\Downloads\FRST64 (1).exe
2012-11-11 10:43 - 2012-11-11 10:44 - 01461123 ____A (Farbar) C:\Users\Christina Curtis\Downloads\FRST64.exe
2012-11-11 08:47 - 2012-11-11 08:47 - 00000000 ____D C:\Users\Christina Curtis\AppData\Roaming\AVG2013
2012-11-11 08:45 - 2012-11-11 08:45 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-11 08:45 - 2012-11-11 08:45 - 00000972 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-11-11 08:45 - 2012-11-11 08:45 - 00000000 ____D C:\Users\Christina Curtis\AppData\Roaming\TuneUp Software
2012-11-11 08:45 - 2012-11-11 08:45 - 00000000 ____D C:\Users\Christina Curtis\AppData\Local\AVG Secure Search
2012-11-11 08:45 - 2012-11-11 08:45 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-11-11 08:43 - 2012-11-11 08:46 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-11 08:43 - 2012-11-11 08:43 - 00000000 ___HD C:\$AVG
2012-11-11 08:38 - 2012-11-11 08:48 - 00000000 ____D C:\Users\Christina Curtis\AppData\Local\Avg2013
2012-11-11 08:38 - 2012-11-11 08:38 - 00000000 ____D C:\Users\Christina Curtis\AppData\Local\MFAData
2012-11-11 08:37 - 2012-11-11 08:37 - 04424392 ____A (AVG Technologies) C:\Users\Christina Curtis\Downloads\avg_free_stb_all_2013_2793_cnet.exe
2012-11-11 05:07 - 2012-11-11 05:07 - 00895464 ____A (Oracle Corporation) C:\Users\Christina Curtis\Downloads\chromeinstall-7u9.exe
2012-11-07 04:22 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-07 04:22 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-11-07 04:22 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-11-07 04:22 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-11-07 04:22 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-11-07 04:15 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-11-06 15:19 - 2012-09-27 16:18 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-06 14:45 - 2012-11-06 14:45 - 00000000 ____D C:\Windows\System32\SPReview
2012-11-06 14:42 - 2012-11-06 14:42 - 00000000 ____D C:\Windows\System32\EventProviders
2012-10-22 05:02 - 2012-10-22 05:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
2012-10-20 15:04 - 2012-10-20 15:04 - 00006686 ____A C:\Users\Christina Curtis\Downloads\download
2012-10-20 11:42 - 2012-09-24 14:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-20 11:42 - 2012-09-24 14:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-10-20 11:42 - 2012-09-24 14:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-10-20 11:41 - 2012-10-20 11:42 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-18 16:56 - 2012-10-18 16:56 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2012-10-18 16:56 - 2012-10-18 16:56 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2012-10-18 16:55 - 2012-10-18 16:55 - 00000000 ____D C:\Users\Christina Curtis\AppData\Roaming\Babylon
2012-10-15 22:49 - 2012-10-15 22:49 - 00000000 __SHD C:\found.010
2012-10-14 19:48 - 2012-10-14 19:48 - 00063328 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-10-13 18:14 - 2012-10-13 18:14 - 00000000 ____D C:\Windows\CheckSur

==================== One Month Modified Files and Folders =======

2012-11-12 10:05 - 2012-11-12 10:05 - 01461123 ____A (Farbar) C:\Users\Christina Curtis\Downloads\FRST64 (3).exe
2012-11-12 10:05 - 2012-11-12 10:05 - 00000000 ____D C:\FRST
2012-11-12 09:44 - 2012-06-24 09:16 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-12 09:42 - 2012-11-12 09:42 - 01461123 ____A (Farbar) C:\Users\Christina Curtis\Downloads\FRST64 (2).exe
2012-11-12 09:42 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-12 09:42 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-12 09:40 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-12 09:35 - 2012-06-24 08:02 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-12 09:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-12 09:34 - 2009-07-13 20:51 - 00059531 ____A C:\Windows\setupact.log
2012-11-12 09:10 - 2012-06-19 19:53 - 01859750 ____A C:\Windows\WindowsUpdate.log
2012-11-12 08:23 - 2012-06-24 08:02 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-12 08:22 - 2012-07-25 09:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-12 08:15 - 2012-09-15 06:37 - 00000952 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220771988-3909503011-4221354792-1001UA.job
2012-11-12 07:15 - 2012-09-15 06:37 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220771988-3909503011-4221354792-1001Core.job
2012-11-12 07:00 - 2012-11-12 07:00 - 00003288 ____N C:\bootsqm.dat
2012-11-12 06:41 - 2012-09-15 23:15 - 00000000 ____D C:\Program Files (x86)\Roozz
2012-11-12 05:31 - 2012-11-12 05:31 - 01461123 ____A (Farbar) C:\Users\Christina Curtis\Downloads\FRST64 (1).exe
2012-11-12 05:28 - 2012-06-19 19:50 - 00048496 ____A C:\Windows\PFRO.log
2012-11-11 17:40 - 2010-11-10 06:48 - 00000000 ____D C:\Users\All Users\McAfee
2012-11-11 17:39 - 2010-11-10 06:48 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-11-11 17:31 - 2010-11-10 07:00 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2012-11-11 17:30 - 2010-11-10 06:59 - 00000000 ____D C:\Users\All Users\WildTangent
2012-11-11 17:02 - 2012-10-04 06:47 - 00000000 ____D C:\Users\All Users\Roozz
2012-11-11 10:44 - 2012-11-11 10:43 - 01461123 ____A (Farbar) C:\Users\Christina Curtis\Downloads\FRST64.exe
2012-11-11 08:48 - 2012-11-11 08:38 - 00000000 ____D C:\Users\Christina Curtis\AppData\Local\Avg2013
2012-11-11 08:47 - 2012-11-11 08:47 - 00000000 ____D C:\Users\Christina Curtis\AppData\Roaming\AVG2013
2012-11-11 08:46 - 2012-11-11 08:43 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-11 08:45 - 2012-11-11 08:45 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-11 08:45 - 2012-11-11 08:45 - 00000972 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-11-11 08:45 - 2012-11-11 08:45 - 00000000 ____D C:\Users\Christina Curtis\AppData\Roaming\TuneUp Software
2012-11-11 08:45 - 2012-11-11 08:45 - 00000000 ____D C:\Users\Christina Curtis\AppData\Local\AVG Secure Search
2012-11-11 08:45 - 2012-11-11 08:45 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-11-11 08:45 - 2012-06-24 09:22 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-11 08:43 - 2012-11-11 08:43 - 00000000 ___HD C:\$AVG
2012-11-11 08:41 - 2012-06-24 09:20 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-11 08:38 - 2012-11-11 08:38 - 00000000 ____D C:\Users\Christina Curtis\AppData\Local\MFAData
2012-11-11 08:37 - 2012-11-11 08:37 - 04424392 ____A (AVG Technologies) C:\Users\Christina Curtis\Downloads\avg_free_stb_all_2013_2793_cnet.exe
2012-11-11 05:07 - 2012-11-11 05:07 - 00895464 ____A (Oracle Corporation) C:\Users\Christina Curtis\Downloads\chromeinstall-7u9.exe
2012-11-11 05:06 - 2012-06-28 12:35 - 00000000 ____D C:\Users\Christina Curtis\AppData\Roaming\TuneUpMedia
2012-11-07 04:18 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-06 15:27 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-11-06 15:27 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-11-06 15:27 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-11-06 15:27 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-11-06 15:27 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-11-06 15:27 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-11-06 15:27 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-11-06 15:27 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-11-06 15:27 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-11-06 15:27 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2012-11-06 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2012-11-06 15:13 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-11-06 15:13 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-11-06 14:45 - 2012-11-06 14:45 - 00000000 ____D C:\Windows\System32\SPReview
2012-11-06 14:42 - 2012-11-06 14:42 - 00000000 ____D C:\Windows\System32\EventProviders
2012-11-02 17:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-11-02 09:12 - 2012-06-19 19:24 - 00000000 ____D C:\users\Christina Curtis
2012-10-25 14:06 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-22 05:02 - 2012-10-22 05:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
2012-10-20 15:04 - 2012-10-20 15:04 - 00006686 ____A C:\Users\Christina Curtis\Downloads\download
2012-10-20 11:42 - 2012-10-20 11:41 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-20 11:42 - 2010-11-10 06:39 - 00000000 ____D C:\Program Files (x86)\Java
2012-10-18 16:56 - 2012-10-18 16:56 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2012-10-18 16:56 - 2012-10-18 16:56 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2012-10-18 16:55 - 2012-10-18 16:55 - 00000000 ____D C:\Users\Christina Curtis\AppData\Roaming\Babylon
2012-10-18 16:55 - 2012-06-28 12:39 - 00000000 ____D C:\Users\Christina Curtis\AppData\Roaming\Mozilla
2012-10-15 22:49 - 2012-10-15 22:49 - 00000000 __SHD C:\found.010
2012-10-14 19:48 - 2012-10-14 19:48 - 00063328 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-10-13 18:14 - 2012-10-13 18:14 - 00000000 ____D C:\Windows\CheckSur

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-20 16:42:04
Restore point made on: 2012-08-20 16:42:07
Restore point made on: 2012-08-20 16:42:07
Restore point made on: 2012-08-20 16:42:07
Restore point made on: 2012-08-20 16:42:14
Restore point made on: 2012-08-20 16:42:15
Restore point made on: 2012-08-20 16:42:15
Restore point made on: 2012-11-06 14:45:46
Restore point made on: 2012-11-07 04:03:08
Restore point made on: 2012-11-08 08:15:15
Restore point made on: 2012-11-11 08:41:22
Restore point made on: 2012-11-11 08:42:31
Restore point made on: 2012-11-11 17:41:59
Restore point made on: 2012-11-12 05:32:49

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 1906.67 MB
Available physical RAM: 1452.71 MB
Total Pagefile: 1906.67 MB
Available Pagefile: 1438.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:109.11 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:140.69 GB) NTFS
3 Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (ADATA UFD) (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7728 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 400 MB 1024 KB
Partition 2 Primary 149 GB 401 MB
Partition 3 Primary 148 GB 149 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E SYSTEM NTFS Partition 400 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C WINDOWS NTFS Partition 149 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 148 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7727 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G ADATA UFD FAT32 Removable 7727 MB Healthy

=========================================================

Last Boot: 2012-10-17 15:10

==================== End Of Log =============================
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


Re: pceu virus

Post by Dr Jay on Tue Nov 13, 2012 9:12 am

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Last Boot: 2012-10-17 15:10
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


Dr. Jay (DJ)


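A triage pass over an FRST.txt log like the one posted earlier in this thread, as an added example (not part of any post here, and not FRST's own code). It assumes `[x]` marks an entry whose file the scan could not find and `()` an entry with no company name in the file's version information; the name `triage`, the finding labels and the sample lines (constructed in the log's format) are made up for the example. `gap_days` is the distance between the scan time and the `Last Boot:` line that the fixlist above consists of.

```python
import re
from datetime import datetime

# Constructed sample: a few lines in the format of the FRST.txt log in this thread.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2012 02
Ran by SYSTEM at 12-11-2012 18:10:18
Running from G:\

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-11] ()

==================== Services (Whitelisted) ===================

2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 SoccerInfernoService; C:\PROGRA~2\SOCCER~2\bar\1.bin\j2barsvc.exe [x]

==================== Bamital & volsnap Check =================

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2012-10-17 15:10

==================== End Of Log =============================
"""

# "==== Title ====" section headers; a line made only of "=" is not a header.
SECTION = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
# Run-key entries ("...\Run: [Name] path ...") and service/driver entries ("2 Name; path ...").
ENTRY = re.compile(r"^(?:.*?\\Run: \[(?P<run>[^\]]+)\]|\d (?P<svc>[^;]+);) (?P<rest>.+)$")
MISSING = re.compile(r"\[x\]\s*$", re.IGNORECASE)
FILEINFO = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>.*)\)\s*$")
MD5_CHECK = re.compile(r"^(?P<path>.+?) => MD5 is (?P<verdict>.+)$")
RAN_AT = re.compile(r"^Ran by \S+ at (\d[\d-]+ [\d:]+)")
LAST_BOOT = re.compile(r"^Last Boot: (\d{4}-\d{2}-\d{2} \d{2}:\d{2})")


def _parse_time(stamp):
    """The logs in the thread use both dd-mm-yyyy and yyyy-mm-dd in 'Ran by' lines."""
    for fmt in ("%d-%m-%Y %H:%M:%S", "%Y-%m-%d %H:%M:%S"):
        try:
            return datetime.strptime(stamp, fmt)
        except ValueError:
            continue
    return None


def triage(log_text):
    """Return scan time, Last Boot time, their gap in days, and entries worth a second look."""
    section, ran, last_boot, findings = None, None, None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION.match(line):
            section = m.group(1).replace(" (Whitelisted)", "")
            continue
        if m := RAN_AT.match(line):
            ran = _parse_time(m.group(1))
        elif m := LAST_BOOT.match(line):
            last_boot = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        elif m := MD5_CHECK.match(line):
            # Anything other than the "legit" verdict seen in the log is surfaced.
            if m.group("verdict").strip() != "legit":
                findings.append((section, m.group("path"), "md5-not-legit"))
        elif m := ENTRY.match(line):
            name, rest = m.group("run") or m.group("svc"), m.group("rest")
            if MISSING.search(rest):
                # Paths starting with an unexpanded %VARIABLE% are labelled apart
                # from concrete paths so the reviewer can weigh them differently.
                env = rest.lstrip('"').startswith("%")
                findings.append((section, name, "missing-file-env-path" if env else "missing-file"))
            elif (info := FILEINFO.search(rest)) and not info.group("company").strip():
                findings.append((section, name, "no-company"))
    gap = (ran - last_boot).days if ran and last_boot else None
    return {"ran": ran, "last_boot": last_boot, "gap_days": gap, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("scan:", report["ran"], "| last boot:", report["last_boot"],
          "| gap (days):", report["gap_days"])
    for section, name, kind in report["findings"]:
        print(f"{section:10} {name:22} {kind}")
```

Flagged entries are leads for a human reviewer, not verdicts. In the log posted in this thread every `%ProgramFiles%` path carries `[x]`, which is why those are labelled separately from concrete paths.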

fixlog

Post by paulray on Tue Nov 13, 2012 3:32 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2012 02
Ran by SYSTEM at 2012-11-13 15:24:47 Run:1
Running from H:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====


Re: pceu virus

Post by Dr Jay on Tue Nov 13, 2012 5:51 pm

Try to boot the computer again. How does it work...?


Dr. Jay (DJ)



Re: pceu virus

Post by paulray on Tue Nov 13, 2012 6:50 pm

It boots like it always does, OK, but I'll just have to wait and see if the virus has gone and hope my PC doesn't get worse. Thanks for the help, much appreciated.


disk drive notification

Post by paulray on Tue Nov 13, 2012 7:40 pm

Since I've done what you asked me to do, I've got a disk drive notification saying unable to get disk information, cannot use the alert feature. Also, when I went to turn on AVG Free antivirus it said "The Windows Installer service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance". Is there any way to fix this? Thank you.


Re: pceu virus

Post by Dr Jay on Tue Nov 13, 2012 9:07 pm

Yes, let's do the following next, please:

ComboFix scan

Please download ComboFix by sUBs

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Dr. Jay (DJ)



combo fix

Post by paulray on Tue Nov 13, 2012 10:21 pm

ComboFix 12-11-13.02 - Christina Curtis 13/11/2012 21:59:49.2.4 - x64
Running from: c:\users\Christina Curtis\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Toshiba
c:\programdata\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\0c.dck
c:\programdata\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\0c.dckev
c:\programdata\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\0c.mck
c:\programdata\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\consfile-CMSM.txt
c:\programdata\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\consfile.txt
c:\programdata\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\def-V.dck
c:\programdata\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\def.dck
c:\programdata\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\def.dckev
c:\programdata\Toshiba\SmartFaceV\FaceLib\LIB\Cmsm\def.mck
c:\programdata\Toshiba\SmartFaceV\FaceLib\LIB\config_id_database
c:\programdata\Toshiba\SmartFaceV\FaceLib\LIB\config_id_database.dat
c:\programdata\Toshiba\SmartFaceV\FaceRecogLog\Data\20120715202739001.dat
c:\programdata\Toshiba\SmartFaceV\FaceRecogLog\FaceRecogLog
c:\programdata\Toshiba\SmartFaceV\SmartFaceVCam.ini
c:\programdata\Toshiba\SmartFaceV\SmartFaceVSetting.ini
c:\programdata\Toshiba\SmartFaceV\SmartFaceVWatcher.ini
c:\programdata\Toshiba\SmartFaceV\Users\userdata.dat
c:\users\Christina Curtis\AppData\Roaming\Toshiba
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards.xml
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards.xml.bak
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.xml
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.xml.bak
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\Board.xml
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.icon.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\board1.xml
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c110.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c20.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c50.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r4_c70.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r5_c100.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r5_c40.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\Help_Top000000.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Boards\IMG_2866000000.jpg
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\GettingStartedData.xml
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\screenshot.png
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Settings.xml
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Settings.xml.bak
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\Share.xml
c:\users\Christina Curtis\AppData\Roaming\Toshiba\BulletinBoard\ToshibaBoardSettings.xml
c:\users\Christina Curtis\AppData\Roaming\Toshiba\ReelTime\Backup\ReelTimeMonitorData.dat
c:\users\Christina Curtis\AppData\Roaming\Toshiba\ReelTime\Exception.log
c:\users\Christina Curtis\AppData\Roaming\Toshiba\ReelTime\ReelTimeMonitorData.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SoccerInfernoService
.
.
((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-13 22:08 . 2012-11-13 22:08 -------- d-----w- c:\programdata\Toshiba
2012-11-13 22:06 . 2012-11-13 22:06 -------- d-----w- c:\users\Christina Curtis\AppData\Roaming\TOSHIBA
2012-11-13 18:14 . 2012-11-13 18:14 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E639DD45-D5B4-4AE5-8DEF-9DBBD8ED5627}\offreg.dll
2012-11-13 14:32 . 2012-10-17 02:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E639DD45-D5B4-4AE5-8DEF-9DBBD8ED5627}\mpengine.dll
2012-11-12 18:05 . 2012-11-12 18:05 -------- d-----w- C:\FRST
2012-11-11 16:47 . 2012-11-11 16:47 -------- d-----w- c:\users\Christina Curtis\AppData\Roaming\AVG2013
2012-11-11 16:45 . 2012-11-11 16:45 -------- d-----w- c:\users\Christina Curtis\AppData\Local\AVG Secure Search
2012-11-11 16:45 . 2012-11-11 16:45 -------- d-----w- c:\users\Christina Curtis\AppData\Roaming\TuneUp Software
2012-11-11 16:45 . 2012-11-11 16:45 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-11 16:45 . 2012-11-13 14:52 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-11-11 16:43 . 2012-11-11 16:46 -------- d-----w- c:\programdata\AVG2013
2012-11-11 16:43 . 2012-11-11 16:43 -------- d-----w- C:\$AVG
2012-11-11 16:38 . 2012-11-11 16:48 -------- d-----w- c:\users\Christina Curtis\AppData\Local\Avg2013
2012-11-11 16:38 . 2012-11-11 16:38 -------- d-----w- c:\users\Christina Curtis\AppData\Local\MFAData
2012-11-07 12:22 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-07 12:22 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-07 12:22 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-11-07 12:22 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-11-07 12:22 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-11-07 12:15 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-11-06 23:19 . 2012-09-28 00:18 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-11-06 22:45 . 2012-11-06 22:45 -------- d-----w- c:\windows\system32\SPReview
2012-11-06 22:42 . 2012-11-06 22:42 -------- d-----w- c:\windows\system32\EventProviders
2012-10-22 13:02 . 2012-10-22 13:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-20 19:42 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-19 00:57 . 2012-10-19 01:32 -------- d-----w- c:\programdata\Tarma Installer
2012-10-19 00:56 . 2012-10-19 00:56 -------- d-----w- c:\windows\SysWow64\Extensions
2012-10-19 00:56 . 2012-10-19 00:56 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-10-19 00:55 . 2012-10-19 00:55 -------- d-----w- c:\users\Christina Curtis\AppData\Roaming\Babylon
2012-10-16 06:49 . 2012-10-16 06:49 -------- d-----w- C:\found.010
2012-10-15 03:48 . 2012-10-15 03:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 23:13 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-11-06 23:13 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-10-05 03:32 . 2012-10-05 03:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 03:30 . 2012-10-02 03:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-21 03:46 . 2012-09-21 03:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 03:46 . 2012-09-21 03:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-14 19:19 . 2012-10-11 01:04 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 01:04 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-14 03:05 . 2012-09-14 03:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-09-09 02:42 . 2012-09-09 02:43 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-09 02:42 . 2010-11-10 14:39 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-30 18:03 . 2012-10-10 17:12 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-24 18:05 . 2012-10-10 17:07 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 17:07 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-10-04 13:51 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-10-04 13:50 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-10-04 13:51 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-10-04 13:51 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-10-04 13:51 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-10-04 13:51 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-10-04 13:51 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-10-04 13:51 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-10-04 13:51 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-10-04 13:51 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-10-04 13:51 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-10-04 13:51 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-10-04 13:51 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-10-04 13:51 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-10-04 13:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-10-04 13:51 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-10-04 13:51 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-10-04 13:51 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-10-04 13:51 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-10-04 13:51 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-10-04 13:51 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-10-04 13:51 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-21 12:01 . 2012-10-06 17:15 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01 . 2012-06-20 04:07 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 12:01 . 2012-06-20 04:07 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-10 17:11 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 17:11 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 17:11 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 17:11 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 17:11 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 17:11 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 17:11 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 17:11 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 17:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 17:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 17:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 17:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 17:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 17:11 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 17:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 17:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-02 1234216]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-22 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Roozz Updater;Roozz Updater;c:\program files (x86)\Roozz\RoozzUpdater.exe [2012-10-04 393216]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-06-20 20592]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 17:39]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-24 16:01]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-24 16:01]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220771988-3909503011-4221354792-1001Core.job
- c:\users\Christina Curtis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15 04:12]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220771988-3909503011-4221354792-1001UA.job
- c:\users\Christina Curtis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15 04:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
AddRemove-888poker - c:\progra~2\PACIFI~1\UNWISE.EXE
AddRemove-Roozz plugin_is1 - c:\program files (x86)\Roozz\unins000.exe
AddRemove-TOSHIBA Game Console - c:\program files (x86)\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe
AddRemove-WildTangent toshiba Master Uninstall - c:\program files (x86)\TOSHIBA Games\Uninstall.exe
AddRemove-WildTangentGameProvider-toshiba-main - c:\program files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe
AddRemove-WT088682 - c:\program files (x86)\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT088696 - c:\program files (x86)\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT088759 - c:\program files (x86)\TOSHIBA Games\Polar Bowler\Uninstall.exe
AddRemove-WT089367 - c:\program files (x86)\TOSHIBA Games\Farm Mania 2\Uninstall.exe
AddRemove-WT089378 - c:\program files (x86)\TOSHIBA Games\Jewel Quest II\Uninstall.exe
AddRemove-WT089380 - c:\program files (x86)\TOSHIBA Games\Penguins!\Uninstall.exe
AddRemove-WT089381 - c:\program files (x86)\TOSHIBA Games\Slingo Supreme\Uninstall.exe
AddRemove-WT089388 - c:\program files (x86)\TOSHIBA Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT089395 - c:\program files (x86)\TOSHIBA Games\Plants vs. Zombies - Game of the Year\Uninstall.exe
AddRemove-WT089404 - c:\program files (x86)\TOSHIBA Games\Fishdom\Uninstall.exe
AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files (x86)\Bing Bar Installer\InstallManager.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-11-13 22:12:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-13 22:12
.
Pre-Run: 116,621,000,704 bytes free
Post-Run: 116,088,946,688 bytes free
.
- - End Of File - - A7321C570C998AA2CC72F0E9C625D984


Re: pceu virus

Post by Dr Jay on Wed Nov 14, 2012 5:30 pm

TDSSKiller Scan

Please download and run [You must be registered and logged in to see this link.] to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



Download Windows Repair (all in one) from [You must be registered and logged in to see this link.]

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:





Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:




Go to Step 4 and under "System Restore" click on Create button:




Go to Start Repairs tab and click Start button.




Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):



Click on box next to the Restart System when Finished. Then click on Start.


Dr. Jay (DJ)



TDSSKiller

Post by paulray on Wed Nov 14, 2012 11:02 pm

log zipped


Re: pceu virus

Post by Dr Jay on Thu Nov 15, 2012 9:22 am

Good job!

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Dr. Jay (DJ)



Re: pceu virus

Post by paulray on Thu Nov 15, 2012 4:28 pm

No threats were found with ESET scanner, but I've still got the "unable to get disk information,can not use the alert feature." and I can't open AVG. Can you help me again please?


Re: pceu virus

Post by Dr Jay on Fri Nov 16, 2012 4:44 pm

Kaspersky GetSystemInfo Scan

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.




On the General tab, make sure all of the boxes are checked.




On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.



Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.]. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.


Dr. Jay (DJ)



Re: pceu virus

Post by paulray on Fri Nov 16, 2012 6:34 pm

I didn't need to use your advice, I just reinstalled AVG and the problem's fixed. Thanks for all the help though. Bye


Re: pceu virus

Post by Dr Jay on Sat Nov 17, 2012 9:38 am

Don't know how to take that comment, but I spent a lot of time researching ideas for your system to get it fully restored.

Personal Tips on Preventing Malware

See [You must be registered and logged in to see this link.] for more info about malware and prevention.


Topic locked.


Dr. Jay (DJ)

