
RKill Log shows system32\TODDSrv.exe (PID: 2372) [WD-HEUR]



#1 dragonstar

Posted 23 March 2015 - 07:01 AM

Hi ya,

I have checked all of the slow computer advice.

I found this post from searching Google: http://www.bleepingcomputer.com/forums/t/466452/google-blank-page/

So thought maybe I should double check.

Nothing comes up in ESET or Malwarebytes.

However, I have side pop-outs and a computer that takes an age to boot and shut down.

I have had help in the past, so you might find remnants of the forbidden software, but it hasn't been used without supervision.

Here's the FRST log you requested. Let me know if you need anything else.

Thanks for your time.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by John (administrator) on MAGICMACHINE3 on 23-03-2015 11:49:44
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available profiles: John)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Windows\System32\PSIService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Corel, Inc.) C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-15] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-08-09] (Realtek Semiconductor)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509496 2007-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Toshiba TEMPO] => C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2007-10-29] (Toshiba Europe GmbH)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [531272 2007-08-28] (Corel, Inc.)
HKLM\...\Run: [SystrayORAHSS] => "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
HKLM\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-03] (AVAST Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2462701224-1987670583-3889057794-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-2462701224-1987670583-3889057794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2462701224-1987670583-3889057794-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-2462701224-1987670583-3889057794-1000\...\Run: [] => [X]
HKU\S-1-5-21-2462701224-1987670583-3889057794-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1084840 2012-05-16] (Nokia)
HKU\S-1-5-21-2462701224-1987670583-3889057794-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2015-02-10] (SUPERAntiSpyware)
HKU\S-1-5-21-2462701224-1987670583-3889057794-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2008-01-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
HKU\S-1-5-21-2462701224-1987670583-3889057794-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2462701224-1987670583-3889057794-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKLM -> {4D6DBB49-9391-4D94-B6B6-538275986CD5} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2462701224-1987670583-3889057794-1000 -> {4D6DBB49-9391-4D94-B6B6-538275986CD5} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA_en
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-10-26] (DivX, LLC)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-28] (Oracle Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL No File []
Handler: http\oledb - No CLSID Value -  []
Handler: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL No File []
Handler: https\oledb - No CLSID Value -  []
Handler: ipp\0x00000001 - No CLSID Value -  []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL No File []
Handler: msdaipp\oledb - No CLSID Value -  []
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ujd12ux9.default
FF SearchEngineOrder.3: google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-11-08] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-05-16] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-08-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-08-28] (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2010-12-15]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-28]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-10-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-02-10] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-28] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-07] (AVAST Software)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPO\TempoSVC.exe [95624 2007-10-29] (Toshiba Europe GmbH)
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-08-01] (TOSHIBA Corporation) [File not signed]
S2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-28] (AVAST Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [252592 2014-03-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-01-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-28] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-28] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-23] (Malwarebytes Corporation)
S3 PCAMp50; C:\Windows\System32\Drivers\PCAMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [252416 2007-06-01] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\9FD7.tmp [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 11:30 - 2015-03-23 11:31 - 00000000 ____D () C:\Users\John\AppData\Local\{5E08213F-4B94-4DAD-B79F-B3AE2B53834A}
2015-03-22 23:12 - 2015-03-22 23:12 - 00000000 ____D () C:\Users\John\AppData\Local\{1EA5AE8F-C8B9-43DC-A640-61CF9032E210}
2015-03-21 23:41 - 2015-03-21 23:41 - 00000000 ____D () C:\Users\John\AppData\Local\{0502A901-9E53-46D2-8A19-4C1A78CC89BD}
2015-03-21 10:32 - 2015-03-21 10:32 - 00000000 ____D () C:\Users\John\AppData\Local\{66E4CEC6-04C2-45E9-9788-521C047F7C61}
2015-03-20 19:13 - 2015-03-20 19:13 - 00000000 ____D () C:\Users\John\AppData\Local\{B2C04027-E77D-4AE9-ABF8-0CF6A5CB143F}
2015-03-19 22:49 - 2015-03-19 22:49 - 00000000 ____D () C:\Users\John\AppData\Local\{BB2BA609-3B15-4D1E-9535-EC788D81EE97}
2015-03-18 21:15 - 2015-03-18 21:16 - 00000000 ____D () C:\Users\John\AppData\Local\{56AC3AD6-753A-4C14-BC86-79B323640687}
2015-03-18 00:03 - 2015-03-18 00:04 - 00000000 ____D () C:\Users\John\AppData\Local\{4DEBE73F-26C2-4819-BFA4-947874F19CF8}
2015-03-16 23:34 - 2015-03-16 23:34 - 00000000 ____D () C:\Users\John\AppData\Local\{59D5B030-6E3F-4B5C-B86F-8AF33E4AF55E}
2015-03-15 23:35 - 2015-03-15 23:35 - 00000000 ____D () C:\Users\John\AppData\Local\{85C4494F-39B6-4CF3-980F-C885BE39938A}
2015-03-14 17:58 - 2015-03-14 17:58 - 00000000 ____D () C:\Users\John\AppData\Local\{79A6AC3A-69D5-42CD-A50B-C30B09DAE84D}
2015-03-12 23:32 - 2015-03-12 23:32 - 00000000 ____D () C:\Users\John\AppData\Local\{7C9582CF-F528-4508-8B34-89D6C4545448}
2015-03-12 00:22 - 2015-01-29 01:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 00:21 - 2015-01-29 01:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 00:20 - 2015-02-26 00:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 00:04 - 2015-02-20 02:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 00:04 - 2015-02-20 00:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 00:03 - 2015-02-26 02:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 00:03 - 2015-02-26 02:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 00:03 - 2015-01-09 02:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 00:03 - 2015-01-09 00:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 00:02 - 2015-01-21 02:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 00:00 - 2015-03-06 04:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 23:59 - 2014-10-13 01:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-11 23:57 - 2015-02-18 02:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 23:53 - 2015-03-11 23:53 - 00000000 ____D () C:\Users\John\AppData\Local\{3C51FEF5-AB4F-46AD-BFF0-E668CDF8503F}
2015-03-10 23:41 - 2015-02-21 17:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 23:41 - 2015-02-21 17:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-10 23:41 - 2015-02-21 17:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 23:41 - 2015-02-21 17:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 23:41 - 2015-02-21 17:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 23:41 - 2015-02-21 17:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 23:41 - 2015-02-21 17:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 23:41 - 2015-02-21 17:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-10 23:41 - 2015-02-21 17:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 23:41 - 2015-02-21 17:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 23:41 - 2015-02-21 17:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-10 23:41 - 2015-02-21 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 23:41 - 2015-02-21 17:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 23:41 - 2015-02-21 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 23:41 - 2015-02-21 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 23:41 - 2015-02-21 17:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 23:41 - 2015-02-21 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 23:41 - 2015-02-21 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 23:41 - 2015-02-21 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-10 23:41 - 2015-02-21 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-10 23:41 - 2015-02-21 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-10 23:41 - 2015-02-21 17:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 23:37 - 2015-03-10 23:38 - 00000000 ____D () C:\Users\John\AppData\Local\{198FED91-4829-4F00-B6CA-5FB4AF44A815}
2015-03-09 23:35 - 2015-03-09 23:36 - 00000000 ____D () C:\Users\John\AppData\Local\{3F48FDBC-41A5-4440-9007-35CCE1B20DD3}
2015-03-08 23:44 - 2015-03-08 23:45 - 00000000 ____D () C:\Users\John\AppData\Local\{06C56BA2-6106-4F4A-A545-EBED79059903}
2015-03-08 00:35 - 2015-03-08 00:35 - 00000000 ____D () C:\Users\John\AppData\Local\{DBAEC493-4B39-4293-991C-A2D2EC27577E}
2015-03-06 23:13 - 2015-03-06 23:13 - 00000000 ____D () C:\Users\John\AppData\Local\{CF7B94EC-96DB-42AB-93D7-463DADCC24CF}
2015-03-05 22:18 - 2015-03-05 22:19 - 00000000 ____D () C:\Users\John\AppData\Local\{0941098F-DC54-4BEF-A7A1-EDE9C156BD7C}
2015-03-05 00:17 - 2015-03-05 00:18 - 00000000 ____D () C:\Users\John\AppData\Local\{5A158B78-D86D-4599-A521-06AC9F3551D9}
2015-03-03 23:57 - 2015-03-03 23:57 - 00000000 ____D () C:\Users\John\AppData\Local\{F61A5693-007C-4A49-8683-6FB05A9C6F74}
2015-03-02 23:37 - 2015-03-02 23:37 - 00000000 ____D () C:\Users\John\AppData\Local\{067B1582-F097-4620-8002-5EFDCEEDE3B7}
2015-03-01 00:27 - 2015-03-01 00:27 - 00000000 ____D () C:\Users\John\AppData\Local\{50B3F17C-F4DB-410B-BB74-7492F678FC43}
2015-02-26 21:03 - 2015-02-26 21:04 - 00000000 ____D () C:\Users\John\AppData\Local\{48478D92-72A4-4277-822F-BCC7DF81625F}
2015-02-25 20:35 - 2015-02-25 20:36 - 00000000 ____D () C:\Users\John\AppData\Local\{962D666B-1C21-4A90-9ED6-1D8705A01F25}
2015-02-24 22:55 - 2015-02-24 22:55 - 00000000 ____D () C:\Users\John\AppData\Local\{27959B7C-E30E-4B5B-983C-2908F62312BD}
2015-02-24 00:01 - 2015-02-24 00:01 - 00000000 ____D () C:\Users\John\AppData\Local\{C4FC58B8-CFDE-4E99-A907-2F7CCEEE4202}
2015-02-22 16:23 - 2015-02-23 04:24 - 00000000 ____D () C:\Users\John\AppData\Local\{37BB04FD-39DB-4A45-BD52-D067AADA8ECD}
2015-02-22 01:32 - 2015-02-22 01:33 - 00000000 ____D () C:\Users\John\AppData\Local\{61F91371-7DD7-41C6-999B-ED41F8FEBC3E}
2015-02-21 00:53 - 2015-02-21 00:53 - 00000000 ____D () C:\Users\John\AppData\Local\{1FA732BD-015F-4103-8B01-55923C9D744D}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 11:49 - 2014-08-28 22:25 - 01135104 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2015-03-23 11:49 - 2014-08-28 22:25 - 00019448 _____ () C:\Users\John\Desktop\FRST.txt
2015-03-23 11:49 - 2014-08-28 22:25 - 00000000 ____D () C:\FRST
2015-03-23 11:49 - 2010-08-07 08:56 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-23 11:34 - 2014-03-30 23:48 - 00002216 _____ () C:\Users\John\Desktop\Rkill.txt
2015-03-23 11:32 - 2008-02-29 14:43 - 01125789 _____ () C:\Windows\WindowsUpdate.log
2015-03-23 11:29 - 2010-06-10 00:18 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-23 11:27 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-23 11:27 - 2006-11-02 12:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-23 11:27 - 2006-11-02 12:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-23 01:14 - 2006-11-02 13:01 - 00032532 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-23 00:59 - 2013-03-19 00:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-23 00:03 - 2014-07-20 09:52 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-14 18:00 - 2009-10-03 19:27 - 00000440 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2015-03-12 23:23 - 2006-11-02 12:47 - 00330688 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 00:20 - 2013-08-14 21:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 00:05 - 2006-11-02 10:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-09 23:35 - 2012-03-04 01:36 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-24 03:23 - 2011-05-08 19:54 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-24 01:21 - 2011-05-08 13:09 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-02-24 01:21 - 2009-05-25 21:59 - 00000000 ____D () C:\ProgramData\TEMP

==================== Files in the root of some directories =======

2011-03-29 21:33 - 2011-03-29 21:33 - 0000000 _____ () C:\Users\John\AppData\Roaming\av5765.ini
2008-03-02 21:18 - 2009-05-27 20:23 - 0000106 _____ () C:\Users\John\AppData\Roaming\wklnhst.dat
2010-10-17 22:57 - 2012-06-05 08:09 - 0001356 _____ () C:\Users\John\AppData\Local\d3d9caps.dat
2012-11-09 00:55 - 2014-03-02 02:12 - 0040960 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-01 01:22 - 2011-12-01 01:22 - 0001655 _____ () C:\Users\John\AppData\Local\dmmcwbrt.log
2011-12-01 01:22 - 2011-12-01 01:22 - 0147702 _____ () C:\Users\John\AppData\Local\ffckgnqm.log
2011-05-02 01:30 - 2011-05-02 01:55 - 0010042 ___SH () C:\Users\John\AppData\Local\jd0304a8d3q3q1q3u
2011-12-01 01:22 - 2011-12-01 01:22 - 0003198 _____ () C:\Users\John\AppData\Local\jtvlojvu.log
2011-12-01 01:22 - 2011-12-01 01:22 - 0000000 _____ () C:\Users\John\AppData\Local\mwowripa.log
2011-05-08 00:08 - 2011-05-08 17:39 - 0011324 ___SH () C:\Users\John\AppData\Local\ot3tny522v55512lfr85l2111g6da8736u8k0gh67
2011-12-01 02:03 - 2011-12-01 02:10 - 0000024 _____ () C:\Users\John\AppData\Local\qwoxdljg.log
2011-12-01 01:21 - 2011-12-01 01:22 - 0338624 _____ () C:\Users\John\AppData\Local\rnslyiqd.log
2011-12-01 01:23 - 2011-12-01 02:10 - 15200088 _____ () C:\Users\John\AppData\Local\skibwpqw.log
2011-12-01 01:22 - 2011-12-01 01:22 - 0004001 _____ () C:\Users\John\AppData\Local\vgjsieab.log
2011-05-02 01:30 - 2011-05-02 01:55 - 0010042 ___SH () C:\ProgramData\jd0304a8d3q3q1q3u
2008-03-29 09:18 - 2009-05-26 21:48 - 0016916 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
2011-05-08 00:08 - 2011-05-08 17:39 - 0011324 ___SH () C:\ProgramData\ot3tny522v55512lfr85l2111g6da8736u8k0gh67

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-23 11:36

==================== End Of Log ============================





#2 nasdaq

  • Malware Response Team

Posted 25 March 2015 - 09:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

S2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
This is legit.
http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-chrome&search=TODDSrv.exe

Your version is not signed.
Check if you can get the latest driver.

P.S. I found many logs with a similar date and size, such as:
S2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]
If none of your Toshiba programs are giving you any difficulties, I would ignore the issue with RKill.

===

Clean these entries.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKU\S-1-5-21-2462701224-1987670583-3889057794-1000\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL No File []
Handler: http\oledb - No CLSID Value -  []
Handler: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL No File []
Handler: https\oledb - No CLSID Value -  []
Handler: ipp\0x00000001 - No CLSID Value -  []
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL No File []
Handler: msdaipp\oledb - No CLSID Value -  []
S2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]
S3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [X]
S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]
S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\9FD7.tmp [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; No ImagePath
C:\Users\John\AppData\Local\Temp\NOSEventMessages.dll

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

#3 nasdaq

  • Malware Response Team

Posted 31 March 2015 - 08:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
