Netbook Running Slow



#1
dtekka

  • Member
  • 174 posts
My friend's Toshiba netbook is running Windows 7 Starter Edition. It is running slow and freezes up every now and again. Any help would be much appreciated.


OTL logfile created on: 3/23/2012 3:03:43 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Cathy\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.42 Mb Total Physical Memory | 128.69 Mb Available Physical Memory | 12.70% Memory free
1.99 Gb Paging File | 0.77 Gb Available in Paging File | 38.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.00 Gb Total Space | 173.97 Gb Free Space | 78.01% Space Free | Partition Type: NTFS

Computer Name: CATHY-PC | User Name: Cathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 11:51:18 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/10/24 15:27:58 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/07/25 01:12:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Cathy\Desktop\OTL.exe
PRC - [2010/11/24 19:17:40 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 19:14:30 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/07 23:57:16 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/07 23:57:13 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/07 23:56:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 15:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/30 14:48:42 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/10/30 14:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/10/28 23:02:38 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/10/28 22:13:44 | 000,467,304 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009/10/27 22:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/10/21 11:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009/10/06 11:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/09/28 16:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/09/28 16:30:32 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2009/09/17 18:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/09/17 18:36:58 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/05 16:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 16:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 16:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 16:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/13 23:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/07/25 01:12:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Cathy\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/07/07 23:58:47 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/18 11:51:18 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/07 23:56:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/10/30 14:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/10/27 22:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/10/21 11:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/09/28 16:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/09/17 18:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/08/27 13:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/05 16:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - [2011/09/12 16:19:51 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/06 12:15:32 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/07 23:58:29 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/18 16:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 15:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 15:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 20:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/11/06 14:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/30 23:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 19:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 17:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/10 14:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/29 18:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2009/06/29 12:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/22 19:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/19 21:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNB&bmod=TSNB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNB&bmod=TSNB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNB&bmod=TSNB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/18 11:51:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08744715-a7b1-11df-abba-8a2499340489}\Shell - "" = AutoRun
O33 - MountPoints2\{08744715-a7b1-11df-abba-8a2499340489}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{ad15c49c-0a5d-11e0-bf3d-dfa6de747e85}\Shell - "" = AutoRun
O33 - MountPoints2\{ad15c49c-0a5d-11e0-bf3d-dfa6de747e85}\Shell\AutoRun\command - "" = D:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/23 15:07:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/23 15:06:11 | 000,014,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/23 15:06:11 | 000,014,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/23 14:57:44 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/23 14:57:44 | 000,107,926 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/23 14:52:48 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/23 14:51:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/11 13:57:04 | 000,000,000 | ---- | C] () -- C:\Users\Cathy\AppData\Local\{9FA5C2A6-0125-4E5C-9EED-A0456EB9EB17}
[2010/09/26 18:52:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/07 22:37:14 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2010/04/28 00:02:18 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/04/27 23:40:16 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/04/27 23:36:59 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/04/27 23:33:22 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 23:33:53 | 000,416,768 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,360 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,926 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/04/28 06:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2010/11/06 21:10:25 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\AnvSoft
[2011/01/03 00:57:19 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\Publish Providers
[2011/01/03 00:56:57 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\Sony
[2011/01/18 00:22:26 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\Tific
[2010/09/07 09:27:18 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\Toshiba
[2010/07/07 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\WinBatch
[2009/07/13 23:53:46 | 000,027,178 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU(17).TXT
[2011/04/17 14:24:01 | 000,032,566 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#2
BlackOxide

  • Trusted Helper
  • Malware Removal
  • 1,976 posts
Hi, dtekka! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start ;)

First of all, sorry for the delay, it seems to be quite busy around here lately. Let's start getting this sorted :)

Could you do the following for me please....



We'll check for malware first, then move onto trying to speed things up.


1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log



2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

If it asks to download the Avast definitions, just click No.

Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.


In your next reply
Please post the contents of...
OTL log
aswMBR log

#3
dtekka

  • Topic Starter
  • Member
  • 174 posts
OTL logfile created on: 3/28/2012 3:16:10 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Cathy\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.42 Mb Total Physical Memory | 69.59 Mb Available Physical Memory | 6.87% Memory free
1.99 Gb Paging File | 0.96 Gb Available in Paging File | 48.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.00 Gb Total Space | 174.29 Gb Free Space | 78.16% Space Free | Partition Type: NTFS

Computer Name: CATHY-PC | User Name: Cathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/28 04:40:16 | 001,056,096 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2012/01/18 11:51:18 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/18 11:51:14 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/10/24 15:27:58 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/07/25 01:12:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Cathy\Desktop\OTL.exe
PRC - [2010/11/24 19:17:40 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 19:14:30 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/07 23:57:16 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/07 23:57:13 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/07 23:56:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 15:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/30 14:48:42 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/10/30 14:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/10/28 23:02:38 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/10/28 22:13:44 | 000,467,304 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009/10/28 13:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/10/27 22:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/10/21 11:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009/10/06 11:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/09/28 16:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/09/28 16:30:32 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2009/09/17 18:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/09/17 18:36:58 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/05 16:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 16:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 16:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 16:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/13 23:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/07/25 01:12:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Cathy\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/07/07 23:58:47 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/18 11:51:18 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/07 23:56:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/10/30 14:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/10/27 22:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/10/21 11:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/09/28 16:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/09/17 18:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/08/27 13:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/05 16:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - [2011/09/12 16:19:51 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/06 12:15:32 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/07 23:58:29 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/18 16:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 15:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 15:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 20:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/11/06 14:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/30 23:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 19:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 17:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/10 14:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/29 18:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2009/06/29 12:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/22 19:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/19 21:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNB&bmod=TSNB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNB&bmod=TSNB


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-531163068-2874457245-832423701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNB&bmod=TSNB
IE - HKU\S-1-5-21-531163068-2874457245-832423701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-531163068-2874457245-832423701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-531163068-2874457245-832423701-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/18 11:51:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-531163068-2874457245-832423701-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-531163068-2874457245-832423701-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08744715-a7b1-11df-abba-8a2499340489}\Shell - "" = AutoRun
O33 - MountPoints2\{08744715-a7b1-11df-abba-8a2499340489}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{ad15c49c-0a5d-11e0-bf3d-dfa6de747e85}\Shell - "" = AutoRun
O33 - MountPoints2\{ad15c49c-0a5d-11e0-bf3d-dfa6de747e85}\Shell\AutoRun\command - "" = D:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 17:48:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/28 15:32:16 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/28 15:32:10 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 15:28:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/28 15:25:33 | 076,254,430 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm.prepare
[2012/03/28 15:18:32 | 000,014,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 15:18:32 | 000,014,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 15:09:33 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/28 04:45:41 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/28 04:45:41 | 000,107,926 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/28 04:37:47 | 000,001,418 | ---- | M] () -- C:\Users\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/28 04:36:20 | 000,416,768 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/03/23 17:44:28 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/23 17:44:28 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/09/11 13:57:04 | 000,000,000 | ---- | C] () -- C:\Users\Cathy\AppData\Local\{9FA5C2A6-0125-4E5C-9EED-A0456EB9EB17}
[2010/09/26 18:52:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/07 22:37:14 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2010/04/28 00:02:18 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/04/27 23:40:16 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/04/27 23:36:59 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/04/27 23:33:22 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 23:33:53 | 000,416,768 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,360 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,926 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/04/28 06:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2010/11/06 21:10:25 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\AnvSoft
[2011/01/03 00:57:19 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\Publish Providers
[2011/01/03 00:56:57 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\Sony
[2011/01/18 00:22:26 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\Tific
[2010/09/07 09:27:18 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\Toshiba
[2010/07/07 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\Cathy\AppData\Roaming\WinBatch
[2009/07/13 23:53:46 | 000,027,178 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU(17).TXT
[2011/04/17 14:24:01 | 000,032,566 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-28 15:36:14
-----------------------------
15:36:14.658 OS Version: Windows 6.1.7600
15:36:14.659 Number of processors: 2 586 0x1C0A
15:36:14.664 ComputerName: CATHY-PC UserName: Cathy
15:36:17.362 Initialize success
15:36:46.847 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:36:46.856 Disk 0 Vendor: FUJITSU_MJA2250BH_G2 00400018 Size: 238475MB BusType: 11
15:36:46.885 Disk 0 MBR read successfully
15:36:46.895 Disk 0 MBR scan
15:36:46.907 Disk 0 Windows VISTA default MBR code
15:36:46.927 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:36:46.955 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228352 MB offset 3074048
15:36:46.993 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8622 MB offset 470738944
15:36:47.012 Disk 0 scanning sectors +488396800
15:36:47.067 Disk 0 scanning C:\windows\system32\drivers
15:36:55.843 Service scanning
15:37:38.304 Modules scanning
15:38:02.564 Disk 0 trace - called modules:
15:38:02.624 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll ACPI.sys ataport.SYS PCIIDEX.SYS msahci.sys
15:38:02.652 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8473f518]
15:38:02.676 3 CLASSPNP.SYS[8660459e] -> nt!IofCallDriver -> \Device\THPDRV1[0x8473e030]
15:38:02.703 5 thpdrv.sys[86803bd9] -> nt!IofCallDriver -> [0x84658888]
15:38:02.729 7 ACPI.sys[8623a3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84656908]
15:38:02.756 Scan finished successfully
15:39:45.387 Disk 0 MBR has been saved successfully to "C:\Users\Cathy\Desktop\MBR.dat"
15:39:45.419 The log file has been saved successfully to "C:\Users\Cathy\Desktop\aswMBR.txt"
  • 0

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
The logs look clean, which is good to see. I believe the problem could well be down to the netbook running low on RAM, as shown here:

1013.42 Mb Total Physical Memory | 69.59 Mb Available Physical Memory | 6.87% Memory free



Let's run a couple of other scans now, and if they come back fine as well, we'll then move on to trying to free up some more RAM if possible. A RAM upgrade may be needed on this netbook if the performance doesn't improve much, but we'll come to that shortly :)



1)
Let's run a Quick Scan with MBAM, to see if any malware traces are found...

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




2)
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



In your next reply
Please post the contents of...
MBAM log
SecurityCheck log

  • 0
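
Added example, not part of the thread and not code from OTL or the helpers: a Python triage pass over OTL lines in the layout posted above. It flags file records with an empty company field, registry entries whose target is missing, and a low free-memory header. The function names and the 10% memory threshold are assumptions, and a flag only marks a line for manual review.

```python
import re

# Lines copied from the OTL log and the helper's reply in this thread.
SAMPLE_LOG = r"""
1013.42 Mb Total Physical Memory | 69.59 Mb Available Physical Memory | 6.87% Memory free
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
SRV - [2012/01/18 11:51:18 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
"""

# PRC/MOD/SRV/DRV: "KIND - [date | size | attrs | M] (Company) [state] -- path -- (name)"
FILE_RECORD = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.*?)(?: -- \((?P<name>.*)\))?$"
)
# O-numbered registry lines, e.g. "O4 - HKLM..\Run: [name] path (Company)"
REGISTRY_RECORD = re.compile(r"^(?P<kind>O\d+)(?: -)? (?P<rest>.*)$")
MEMORY = re.compile(
    r"([\d.]+) Mb Total Physical Memory \| "
    r"([\d.]+) Mb Available Physical Memory \| "
    r"([\d.]+)% Memory free"
)
MISSING = re.compile(r"File not found|No CLSID value found")


def parse_memory(log):
    """Return (total_mb, available_mb, percent_free) from the OTL header, or None."""
    m = MEMORY.search(log)
    return tuple(float(g) for g in m.groups()) if m else None


def triage(log, min_free_pct=10.0):
    """Return (kind, reason, subject) tuples for lines worth a manual look.

    min_free_pct is an assumed threshold, not a value defined by OTL.
    """
    findings = []
    mem = parse_memory(log)
    if mem and mem[2] < min_free_pct:
        findings.append(("MEM", "low free memory", f"{mem[2]}% of {mem[0]} Mb"))
    for line in log.splitlines():
        line = line.strip()
        m = FILE_RECORD.match(line)
        if m:
            # The file's version resource carries no company name.
            if not m["company"].strip():
                findings.append((m["kind"], "no company name", m["path"]))
            continue
        m = REGISTRY_RECORD.match(line)
        if m:
            rest = m["rest"]
            if MISSING.search(rest):
                # Registry entry points at a file or CLSID that no longer exists.
                findings.append((m["kind"], "target missing", rest))
            elif rest.endswith("()"):
                findings.append((m["kind"], "no company name", rest))
    return findings


if __name__ == "__main__":
    for kind, reason, subject in triage(SAMPLE_LOG):
        print(f"{kind:4} {reason:18} {subject}")
```
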

#5
dtekka

    Member

  • Topic Starter
  • Member
  • 174 posts
ok here is the malwarelog

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Cathy :: CATHY-PC [administrator]

3/28/2012 6:14:50 PM
mbam-log-2012-03-28 (18-14-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192871
Time elapsed: 23 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#6
dtekka

    Member

  • Topic Starter
  • Member
  • 174 posts
and here is the other report you requested...

Results of screen317's Security Check version 0.99.32
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.3
Java™ 6 Update 14
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
  • 0

#7
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Okey dokey, let's get some of the programs updated to their latest versions, then we'll start trying to speed the netbook up.


Just follow the steps below...


1)
Update AVG Free 9.0 to AVG Free 2012

Click here to download the AVG Free 2012 installer. Once downloaded, double click on the file and follow the onscreen prompts. The installer will automatically remove version 9.0 and then upgrade it to 2012.



2)
Update Java

Click here to download the latest version of Java. Once downloaded, double click on the installation file and follow the prompts to install it.



3)
Update Adobe Reader

  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



4)
Could you now run Autoruns please. This will give me a list of the items Starting up with Windows. I can then get back to you with a list of items that can be safely disabled at boot, to try and speed things up a bit :)


Autoruns - Startup Items
  • Click here to download Autoruns and Save it to your Desktop
  • Extract the contents of Autoruns.zip by right-clicking it and choosing Extract All (or Extract here if using WinRar)
  • Once the contents have been extracted you will see a folder called Autoruns
  • Open the folder and Right Click on autoruns and click Run as Administrator to launch the program
  • Let the program finish scanning your PC until it says Ready in the bottom left
  • Click File then Save, then in the Save as type box select Text (.txt) then in the File Name box above, call it StartupItems.txt and save it to your Desktop
  • Please attach the StartupItems.txt to your next reply

To attach a file...
  • Click Add Reply as you would do normally
  • Then within the 'Attachments' area, click Browse and select the file that you want to attach
  • Click the Attach This File button
  • Now click Add to Post on the right hand side, to insert the attachment into your post.





In your next reply
Please attach the Autoruns text file
  • 0

#8
dtekka

    Member

  • Topic Starter
  • Member
  • 174 posts
attached is the file startupitems as you requested



  • 0

#9
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Let's now disable some startup items, clear the Temp/Junk Files and run a Defrag with Auslogics. After you have done these three steps, just let me know if you notice much of a speed increase in the netbook's performance.



1)
Autoruns Startup Modify
Open Autoruns by Right Clicking on autoruns.exe and click Run as Administrator
Once it has finished scanning and you see Ready in the bottom left corner, click the Logon tab at the top
Untick the following items:

  • 00TCrdMain
  • Adobe ARM
  • Adobe Reader Speed Launcher
  • IgfxTray
  • KeNotify
  • Persistence
  • ToshibaServiceStation
  • TosNC
  • TosReelTimeMonitor
Once you have unticked those items, just close Autoruns using the top right X
Now reboot your PC




2)
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean



3)
Auslogics Disk Defrag
  • Click here to download Auslogics Disk Defrag
  • Once downloaded double click the file and follow the prompts to install (I would advise to UNtick the options to Install the Auslogics Toolbar and the Ask.com homepage as you go through the setup)
  • Once installed, run the program and at the top make sure the C: Drive is ticked
  • Then click the little downwards arrow next to Defrag and choose Defrag and Optimize
  • Once complete, please reboot the PC

  • 0

#10
dtekka

    Member

  • Topic Starter
  • Member
  • 174 posts
ok... all of that is completed. Did you want me to post any logs of any sort? Is there any way I can kill programs running in the background that are utilizing my ram? I know we did some of that, I'd be willing to remove some more programs if they aren't system critical.
  • 0



#11
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

"Did you want me to post any logs of any sort?"

Nope, no logs that time :)


"Is there any way I can kill programs running in the background that are utilizing my ram? I know we did some of that, I'd be willing to remove some more programs if they aren't system critical."

Yep, not a problem, we'll disable some more now then. I only listed the ones above as there was a high chance none of them are actively needed. There are others that, if they aren't used or they don't need that particular feature, can be safely disabled from loading, so we'll do those now then. The system critical ones have been left out, as these are highly recommended to be left running.



Just as you did with the others, just load Autoruns, then untick the following:

  • GrooveMonitor
  • HotKeysCmds
  • NortonOnlineBackupReminder - (if they don't use the online backup feature)
  • SmoothView
  • Teco - (if they don't use the Toshiba Eco Utility to monitor power consumption used etc)
  • TUSBSleepChargeSrv - (if they aren't going to be charging USB devices whilst the laptop is in Sleep Mode)
  • TWebCamera


The ones that are still ticked after doing the above, I would leave, as they control things like Sound, HDD status, Power, Anti Virus etc.

Let me know after doing the above and rebooting, whether you notice any improvement on the speed :)
  • 0

#12
dtekka

    Member

  • Topic Starter
  • Member
  • 174 posts
I think it helped a bit, however Internet Explorer and/or Google Chrome take a while to load. It feels like a minute, which isn't normal for this computer. Also, the Windows Firewall is disabled and it will not let me re-enable it. It gives me the option to "use recommended settings" however it just times out and gives me this error: Windows Firewall can't change some of your settings. Error code 0x8007042c
  • 0

#13
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Ok thanks for the info. Let's see if we can get to the root of this problem. Could you now run the following two programs please.



1)
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.




2)
Reboot the Netbook before performing this step (even if ComboFix rebooted as part of its scan)

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.




In your next reply
Please post the contents of...
ComboFix log
Farbar Service Scanner log


#14
dtekka

    Member

  • Topic Starter
  • 174 posts
After the ComboFix restart, and my manual restart afterwards... things seem to be running much quicker. Here are the logs you requested.

ComboFix 12-04-03.02 - Cathy 04/03/2012 13:43:21.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.379 [GMT -5:00]
Running from: c:\users\Cathy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-02 01:12 . 2012-04-03 04:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7012DCD7-1813-4667-AE61-F22F55E2F5A2}\offreg.dll
2012-04-01 22:28 . 2012-04-01 22:28 -------- d-----w- c:\users\Cathy\AppData\Roaming\Auslogics
2012-04-01 22:28 . 2012-04-01 22:28 -------- d-----w- c:\program files\Auslogics
2012-03-31 20:12 . 2012-03-20 08:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7012DCD7-1813-4667-AE61-F22F55E2F5A2}\mpengine.dll
2012-03-31 19:42 . 2012-03-31 19:42 -------- d-----w- c:\program files\Common Files\Java
2012-03-31 19:42 . 2012-03-31 19:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-31 19:42 . 2012-03-31 19:42 -------- d-----w- c:\program files\Java
2012-03-31 19:00 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-31 19:00 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-31 19:00 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-31 19:00 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-31 19:00 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-31 19:00 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-31 18:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-31 18:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-31 18:58 . 2012-03-31 18:58 -------- d-----w- c:\programdata\AVAST Software
2012-03-31 18:58 . 2012-03-31 18:58 -------- d-----w- c:\program files\AVAST Software
2012-03-31 18:29 . 2012-03-31 18:29 -------- d-----w- C:\$AVG
2012-03-28 23:13 . 2012-03-28 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-28 23:13 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 22:42 . 2012-03-23 22:42 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-03-23 22:42 . 2012-03-23 22:42 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-23 22:42 . 2012-03-23 22:42 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-23 22:42 . 2012-03-23 22:42 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-03-23 22:42 . 2012-03-23 22:42 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-03-23 22:42 . 2012-03-23 22:42 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-23 22:42 . 2012-03-23 22:42 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-23 22:42 . 2012-03-23 22:42 107520 ----a-w- c:\windows\system32\cdd.dll
2012-03-23 22:42 . 2012-03-23 22:42 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-23 22:42 . 2012-03-23 22:42 3181568 ----a-w- c:\windows\system32\mf.dll
2012-03-23 22:42 . 2012-03-23 22:42 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-23 20:14 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-23 20:14 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-23 20:14 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-23 20:14 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-23 20:14 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-23 20:14 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-23 20:13 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-23 20:09 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-23 20:09 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-23 20:09 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-23 20:09 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-23 20:09 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-23 20:09 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2010-07-08 04:01 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-13 39408]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-29 7862816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-16 1586472]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-10-30 611672]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-06-18 19968]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 9472]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-06 230912]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-10-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-10-30 677232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 04:23]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 04:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
AddRemove-ComcastHSI - c:\program files\support.com\uninstall\chsi_uninstaller.exe
AddRemove-Adobe ConnectNow Add-in - c:\users\Cathy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\acaddin\acaddin.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-03 14:06:05
ComboFix-quarantined-files.txt 2012-04-03 19:06
.
Pre-Run: 197,241,593,856 bytes free
Post-Run: 197,012,574,208 bytes free
.
- - End Of File - - 71386FDBD017EF640CE72A97F3DEEAEF



Farbar Service Scanner Version: 01-03-2012
Ran by Cathy (administrator) on 03-04-2012 at 14:47:27
Running from "C:\Users\Cathy\Downloads"
Microsoft Windows 7 Starter (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2011-11-08 20:23] - [2011-09-29 10:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\windows\system32\dnsrslvr.dll
[2011-04-15 18:00] - [2011-03-03 00:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\windows\system32\mpssvc.dll
[2009-07-13 18:53] - [2009-07-13 20:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\windows\system32\bfe.dll
[2009-07-13 18:54] - [2009-07-13 20:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll
[2009-07-13 18:23] - [2009-07-13 20:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\windows\system32\vssvc.exe
[2009-07-13 18:24] - [2009-07-13 20:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll
[2009-07-13 19:15] - [2009-07-13 20:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\windows\system32\qmgr.dll
[2009-07-13 18:30] - [2009-07-13 20:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#15
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Good to hear it's running quicker now :)

ComboFix has removed a couple of files which are related to the Toshiba software, so we'll put those files back now.

Could you also let me know whether that Windows Firewall error is still appearing, as it seems all of the Firewall's associated services and system files are in place and running normally.




Restore files with ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\programdata\xp
C:\Qoobox\Quarantine\C\programdata\xp\EBLib.dll.vir
C:\Qoobox\Quarantine\C\programdata\xp\TPwSav.sys.vir
QUIT::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





In your next reply
Please post the contents of...
ComboFix log
Let me know whether the Windows Firewall is now working normally
