
Extremely slow performance and some infections!


  • This topic is locked
3 replies to this topic

#1 Catloverx2

Catloverx2

  • Members
  • 8 posts

Posted 28 January 2015 - 10:09 PM

Helping my friend with her laptop.  It is so slow it is nearly unusable.  I have run thru the usual chkdsk, surface scan, ran hdd diagnostics, checked for device manager conflicts, checked startup programs and services to no avail.  This is an older low-end laptop, but still used to be much faster than it is currently.  I also ran a couple antimalware apps on my own with no increased performance (mbam, adwcleaner, etc.)  Any help is appreciated.

 

FRST Log File

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by SHARRON at 2015-01-28 20:53:22
Running from C:\Users\SHARRON\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.00.10(T) - )
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.02 - TOSHIBA)
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Desktop Dialer (HKLM\...\Desktop Dialer) (Version:  - )
Diner Dash - Flo on the Go (HKLM\...\WT022087) (Version: WT022087 - WildTangent)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.0911.03589 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iTunes (HKLM\...\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}) (Version: 10.2.1.1 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 6.1 (HKLM\...\{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}) (Version: 6.10.156.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
oggcodecs 0.71.0946 (HKLM\...\oggcodecs) (Version: 0.71.0946 - illiminable)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.0.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}) (Version: 1.23.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.23.0000 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.00.00 - )
TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 7.00.21 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.0a - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.00.00 - TOSHIBA Corporation)
TOSHIBA Game Console (HKLM\...\TOSHIBA Game Console) (Version:  - WildTangent)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.45.50.8C - TOSHIBA)
TOSHIBA Music (HKLM\...\{0E9C4531-58C4-4349-AD2F-A4D999E451EC}) (Version: 1.00.1 - Toshiba America Information Systems)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.6 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.45.50.5C - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.8 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Utility Common Driver (Version: 0.0.50.4C - TOSHIBA) Hidden
Windows Server Update Services 3.0 SP2 Console (HKLM\...\Windows Server Update Services 3.0 SP2) (Version: 3.2.7600.226 - Microsoft Corporation)
WinDVD for TOSHIBA (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B6.107 - InterVideo Inc.)
WinDVD for TOSHIBA (Version: 8.0-B6.107 - InterVideo Inc.) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2761698881-1108942884-4274663404-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-2761698881-1108942884-4274663404-1000_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
 
==================== Restore Points  =========================
 
10-12-2014 16:15:30 Windows Update
15-12-2014 11:25:59 Windows Update
21-01-2015 18:19:55 Windows Update
21-01-2015 20:44:02 Revo Uninstaller's restore point - 24x7 Help
21-01-2015 20:51:02 Revo Uninstaller's restore point - Inbox Toolbar
21-01-2015 20:57:28 Revo Uninstaller's restore point - Yahoo! Toolbar
21-01-2015 21:16:46 Revo Uninstaller's restore point - Advanced SystemCare 8
21-01-2015 21:20:51 Revo Uninstaller's restore point - Adobe Reader 8
21-01-2015 21:24:20 Revo Uninstaller's restore point - Java™ SE Runtime Environment 6
21-01-2015 21:28:20 Revo Uninstaller's restore point - Driver Booster 2.1
21-01-2015 21:30:57 Revo Uninstaller's restore point - FixCleaner
21-01-2015 21:31:30 Removed FixCleaner
21-01-2015 21:35:40 Revo Uninstaller's restore point - Surfing Protection
22-01-2015 00:16:11 Revo Uninstaller's restore point - IObit Security 360
22-01-2015 00:27:05 Revo Uninstaller's restore point - Adobe Shockwave Player 11.5
22-01-2015 00:29:34 Revo Uninstaller's restore point - Adobe Flash Player 16 ActiveX
22-01-2015 00:31:03 Revo Uninstaller's restore point - IObit Uninstaller
22-01-2015 00:42:23 avast! antivirus system restore point
22-01-2015 09:03:54 Windows Update
27-01-2015 22:33:08 Windows Update
28-01-2015 08:31:30 Windows Update
28-01-2015 19:45:38 Revo Uninstaller's restore point - TOSHIBA Flash Cards Support Utility
28-01-2015 19:47:50 Configured TOSHIBA Flash Cards Support Utility
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 04:23 - 2015-01-21 23:03 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07821709-6CA4-49AB-9C44-A1694A595613} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-16] (Google Inc.)
Task: {2152310E-5065-4C70-A7F3-2591BC224AB3} - System32\Tasks\{94F6A28E-0C11-4490-9E43-89DAA03F87B5} => pcalua.exe -a D:\Setup.EXE -d D:\
Task: {2C47066A-7D69-4D04-90F4-683A37089F4D} - System32\Tasks\{3BBF61DF-47F1-42BD-BFED-E5838AC58EFF} => pcalua.exe -a "C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe"
Task: {2CD7774D-7A35-48E0-85FA-3710C8AE5985} - \Driver Booster SkipUAC (SHARRON) No Task File <==== ATTENTION
Task: {457348A0-B38C-437A-B630-7BD8560DAD98} - System32\Tasks\{DE923E49-5E63-4A82-A8FD-F3BB513AD67C} => pcalua.exe -a "C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe"
Task: {4914086D-4964-417D-BD51-924ACAF86B0C} - System32\Tasks\{80618EC0-D178-4D4C-83D4-EACA65F8050B} => pcalua.exe -a D:\Setup.EXE -d D:\
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {6E258BEF-74AE-4A68-B445-420704959E45} - System32\Tasks\{61159BA8-C3B7-4CC9-85B0-25D96B5FED2A} => pcalua.exe -a D:\Setup.EXE -d D:\
Task: {707E5B73-0123-489B-BA51-3A31BE08C31E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2007-02-05] (Microsoft Corporation)
Task: {7846D44B-3FEE-4930-A25F-559FDB7A11B1} - System32\Tasks\{782E7FC0-BBF9-4B28-A292-EFFFA34BD3EB} => pcalua.exe -a C:\Users\SHARRON\Downloads\PhotoExplosion3.0PanoramaMaker.exe -d C:\Users\SHARRON\Desktop
Task: {7A6E8C6F-2DE3-4F7B-AE31-CFC0C89E1F80} - System32\Tasks\{A2A84708-9B16-41B4-A441-8C0879F476F5} => pcalua.exe -a C:\Users\SHARRON\Downloads\ie6setup.exe -d C:\Users\SHARRON\Desktop
Task: {80411856-E169-4442-AA7E-53290AD02FB2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-22] (AVAST Software)
Task: {862EE3DF-6027-404F-A045-D78E4C39C3CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-16] (Google Inc.)
Task: {A5BD0348-85FC-4271-8D18-80C7F5BE008E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ACDD310F-57C1-44F1-B3DF-C2EB93C99D99} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {AFE993B1-98A7-488D-A388-D936D82C3080} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {D9DDB507-2C2C-4A7C-AA07-84711AF4A32A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe
Task: {E8CC3693-C4D5-49E5-A00D-EC75A9934F48} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-28 08:27 - 2015-01-28 08:27 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012800\algo.dll
2006-08-10 16:00 - 2006-08-10 16:00 - 00094208 _____ () C:\Windows\System32\TosBtHcrpAPI.dll
2007-05-23 18:50 - 2007-01-25 18:47 - 00136816 _____ () C:\TOSHIBA\IVP\ISM\pinger.exe
2007-05-23 18:50 - 2007-01-25 18:50 - 00063096 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2015-01-22 00:45 - 2015-01-22 00:46 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-28 18:20 - 2015-01-25 15:08 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-28 18:20 - 2015-01-25 15:08 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-28 18:20 - 2015-01-25 15:08 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.93\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: Lexmark X5400 Series Fax Server => "C:\Program Files\Lexmark X5400 Series\fm3032.exe" /s
MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe
MSCONFIG\startupreg: MSSE => "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2761698881-1108942884-4274663404-500 - Administrator - Disabled)
Guest (S-1-5-21-2761698881-1108942884-4274663404-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2761698881-1108942884-4274663404-1003 - Limited - Enabled)
SHARRON (S-1-5-21-2761698881-1108942884-4274663404-1000 - Administrator - Enabled) => C:\Users\SHARRON
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/28/2015 07:45:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {62d7a765-46d0-4c1c-97b6-dcfd01521367}
 
Error: (01/22/2015 01:04:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38018
 
Error: (01/22/2015 01:04:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38018
 
Error: (01/22/2015 01:04:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/22/2015 01:04:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32807
 
Error: (01/22/2015 01:04:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32807
 
Error: (01/22/2015 01:04:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/22/2015 01:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25226
 
Error: (01/22/2015 01:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25226
 
Error: (01/22/2015 01:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/28/2015 08:11:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Tosrfcom
 
Error: (01/28/2015 08:10:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TOSHIBA Bluetooth Service service failed to start due to the following error: 
%%1053
 
Error: (01/28/2015 08:10:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA Bluetooth Service service to connect.
 
Error: (01/28/2015 08:10:43 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (01/28/2015 08:10:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IS360service service failed to start due to the following error: 
%%2
 
Error: (01/28/2015 08:10:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced SystemCare Service 8 service failed to start due to the following error: 
%%2
 
Error: (01/28/2015 07:32:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.
 
Error: (01/28/2015 07:31:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%1053
 
Error: (01/28/2015 07:31:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (01/28/2015 07:26:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Tosrfcom
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2006-12-26 02:47:46.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Essentials\Drivers\mpfilter\mpfilter.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2006-12-26 02:47:46.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Essentials\Drivers\mpfilter\mpfilter.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2006-12-26 02:47:46.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Essentials\Drivers\mpfilter\mpfilter.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2006-12-26 02:47:46.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Essentials\Drivers\mpfilter\mpfilter.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2006-12-26 02:43:58.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Essentials\Drivers\mpfilter\mpfilter.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2006-12-26 02:43:57.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Essentials\Drivers\mpfilter\mpfilter.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2006-12-26 02:43:57.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Essentials\Drivers\mpfilter\mpfilter.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2006-12-26 02:43:57.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Essentials\Drivers\mpfilter\mpfilter.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2006-12-26 02:42:27.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Essentials\Drivers\mpfilter\mpfilter.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2006-12-26 02:42:27.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Essentials\Drivers\mpfilter\mpfilter.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® M CPU 530 @ 1.73GHz
Percentage of memory in use: 91%
Total physical RAM: 502.12 MB
Available physical RAM: 44.38 MB
Total Pagefile: 1670.12 MB
Available Pagefile: 547.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.92 MB
 
==================== Drives ================================
 
Drive c: (SQ004508V01) (Fixed) (Total:73.06 GB) (Free:37.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 69BD10D8)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=73.1 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================ 



#2 OCD

OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida

Posted 29 January 2015 - 10:46 PM

Hi Catloverx2,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

With that being said, I think the primary problem can be determined by looking at the computer's specs:

Processor: Intel® Celeron® M CPU 530 @ 1.73GHz
Percentage of memory in use: 91%
Total physical RAM: 502.12 MB
Available physical RAM: 44.38 MB
Total Pagefile: 1670.12 MB
Available Pagefile: 547.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.92 MB

Programs are very different today than they were just a few years ago. Unfortunately, this computer just does not have the necessary amount of RAM (Random Access Memory) to function at a comfortable level.

We can still run some scans and see if there is any malware present. But I doubt we can make any changes that will make this machine run at a pace as it has in the past.

In your last reply you posted the Addition.txt log twice. The FRST.txt log should be located on your Desktop, please post that in your next reply. Also, if you still have the AdwCleaner log post that as well.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#3 OCD

OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida

Posted 01 February 2015 - 11:08 PM

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.
OCD


#4 OCD

OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida

Posted 03 February 2015 - 11:28 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
OCD




