
Ok I give up, require some help.



leejames75
2012-11-17, 23:59
Our 12 year old has been clicking on random links via his friends on Facebook and has downloaded all these Facebook games.

It's come to the point where the laptop is now becoming unresponsive.

Sometimes the internet browser or applications just disappear from the screen when my wife and I are on the laptop.

Windows updates won't install MS Office updates and return errors.

I have Avast & ZoneAlarm installed and nothing untoward has appeared on the virus check logs. However the system takes ages to start up and also shut down. It's come to the point where 4 GB of data is being removed every night from Windows clean up and I am having to defrag the hard drive every night.

It's come to the point where I have reset the router and renewed the IP address and even contacted our telco provider to check the line, even had a new filter installed on the line.

Any help or advice would be gratefully received.

Lee

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by Lee James at 21:34:32 on 2012-11-17
#Option Extended Search is enabled.
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1013.52 [GMT 0:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Opera\opera.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\leejam~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{191A215B-673E-4A78-85ED-C3690F8F514C} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2012-5-15 11352]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-26 7168]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 60 ================
.
2012-11-14 23:50:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-11-14 23:50:55 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 23:50:10 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b9586fd6-0b73-485b-bf35-d18e47e06a89}\mpengine.dll
2012-11-14 23:38:04 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 23:35:13 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 21:17:28 -------- d-----w- c:\users\lee james\appdata\roaming\OpenOffice.org
2012-11-13 21:06:30 -------- d-----w- c:\program files\OpenOffice.org 3
2012-11-06 20:16:46 -------- d-----w- c:\users\lee james\appdata\local\RawTherapee3.0.1
2012-11-06 20:14:48 -------- d-----w- c:\program files\RawTherapee3.0.1
2012-11-04 21:51:00 -------- d-----w- c:\users\lee james\appdata\roaming\Thinstall
2012-11-04 21:50:58 -------- d-----w- c:\users\lee james\appdata\local\Thinstall
2012-11-04 21:49:26 -------- d-----w- C:\Lightroom22
2012-11-02 20:11:10 -------- d-----w- c:\users\lee james\appdata\local\Windows Live
2012-11-02 20:11:10 -------- d-----w- c:\program files\common files\Windows Live
2012-11-02 20:09:57 754688 ----a-w- c:\windows\system32\webservices.dll
2012-10-30 22:33:39 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:33:35 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:31:02 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:29:53 -------- d-----w- c:\programdata\AVAST Software
2012-10-30 22:29:53 -------- d-----w- c:\program files\AVAST Software
2012-10-28 21:09:08 -------- d-----w- C:\Test
2012-10-13 20:31:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-13 20:31:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-11 21:40:59 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-11 21:40:35 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 21:40:23 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 21:40:23 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 21:40:22 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 21:33:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-11 21:33:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-30 21:15:57 -------- d-----w- c:\users\lee james\appdata\roaming\GlarySoft
2012-09-30 21:08:06 -------- d-----w- c:\program files\Glarysoft
2012-09-30 20:58:57 -------- d-----w- c:\program files\Glary Utilities
2012-09-27 22:25:38 -------- d-----w- c:\program files\ESET
2012-09-26 21:48:41 -------- d-----w- c:\users\lee james\appdata\local\Apps
2012-09-21 21:13:39 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find6M ====================
.
2012-11-10 22:50:25 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-10 22:50:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-21 21:13:08 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-21 21:13:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-25 08:58:47 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-06-25 15:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 12:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:43:09.49 ===============

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-18 22:58:08
-----------------------------
22:58:08.473 OS Version: Windows 6.0.6002 Service Pack 2
22:58:08.473 Number of processors: 2 586 0xF0D
22:58:08.476 ComputerName: --SPARE-- UserName: Lee James
22:58:15.763 Initialize success
23:01:03.469 AVAST engine defs: 12101802
23:02:29.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:02:29.510 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3
23:02:29.573 Disk 0 MBR read successfully
23:02:29.579 Disk 0 MBR scan
23:02:29.847 Disk 0 Windows VISTA default MBR code
23:02:29.885 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:02:29.940 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76000 MB offset 3074048
23:02:30.131 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 75125 MB offset 158722048
23:02:30.260 Disk 0 scanning sectors +312578048
23:02:30.504 Disk 0 scanning C:\Windows\system32\drivers
23:03:33.395 Service scanning
23:07:15.142 Modules scanning
23:09:04.123 Disk 0 trace - called modules:
23:09:04.451 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:09:04.451 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e0ac8]
23:09:04.467 3 CLASSPNP.SYS[86f1a8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x852d1028]
23:09:19.162 AVAST engine scan C:\
02:45:52.558 Scan finished successfully
04:49:43.961 Disk 0 MBR has been saved successfully to "C:\Users\Lee James\Desktop\MBR.dat"
04:49:44.211 The log file has been saved successfully to "C:\Users\Lee James\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-17 22:17:40
-----------------------------
22:17:40.489 OS Version: Windows 6.0.6002 Service Pack 2
22:17:40.489 Number of processors: 2 586 0xF0D
22:17:40.505 ComputerName: --SPARE-- UserName: Lee James
22:19:05.447 Initialize success
22:19:17.662 AVAST engine defs: 12111700
22:19:20.969 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:19:20.969 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3
22:19:21.047 Disk 0 MBR read successfully
22:19:21.047 Disk 0 MBR scan
22:19:21.062 Disk 0 Windows VISTA default MBR code
22:19:21.109 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:19:21.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76000 MB offset 3074048
22:19:21.281 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 75125 MB offset 158722048
22:19:21.312 Disk 0 scanning sectors +312578048
22:19:22.264 Disk 0 scanning C:\Windows\system32\drivers
22:20:13.229 Service scanning
22:21:01.932 Modules scanning
22:21:40.714 Disk 0 trace - called modules:
22:21:40.807 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:21:40.854 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8692eac8]
22:21:40.870 3 CLASSPNP.SYS[873138b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x856e6028]
22:21:43.288 AVAST engine scan C:\Windows
22:21:59.311 AVAST engine scan C:\Windows\system32
22:28:34.506 AVAST engine scan C:\Windows\system32\drivers
22:29:18.626 AVAST engine scan C:\Users\Lee James
22:44:08.648 AVAST engine scan C:\ProgramData
22:52:51.425 Scan finished successfully
22:54:11.524 Disk 0 MBR has been saved successfully to "C:\Users\Lee James\Desktop\MBR.dat"
22:54:11.587 The log file has been saved successfully to "C:\Users\Lee James\Desktop\aswMBR.txt"

JonTom
2012-11-25, 03:08
Hello leejames75 and welcome.

My name is JonTom

Malware Logs can sometimes take a lot of time to research and interpret.

Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

PLEASE NOTE: If you do not reply after 3 days your thread will be closed.



Let's begin with the following:


Security Programs


I can see from your log that you have a number of real-time security programs running, namely ZoneAlarm Antivirus and avast! Antivirus.
Whilst both of these programs provide good security, they may clash with each other, which can leave your system vulnerable to infection. Having multiple real-time applications running at the same time will cause system slowness and reduced performance.
You are advised to remove one of these programs.
To do this:
Click on "Windows Orb" then on "Computer" and then on the "Uninstall or change a program" tab.
A list of currently installed programs will be displayed.
Find the program you want to uninstall, click on it once and then click on the "uninstall" button.
If you are prompted to re-boot your computer to complete the uninstall please do so.
Please make sure that you only have ONE Firewall and ONE real-time Antivirus running on your system.


Once you have uninstalled one of the real-time antivirus programs, please re-scan with DDS and aswMBR and post the logs for me to review and we'll take things from there.
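
The check made by eye on the DDS header in the reply above, as an added example that is not part of the original thread or of DDS itself: it parses the `AV:`/`SP:`/`FW:` header lines and reports any category with more than one enabled product. The line layout is assumed from the two headers posted in this thread, and the function names are hypothetical.

```python
import re
from collections import namedtuple

# Layout assumed from the DDS headers posted in this thread, e.g.
#   AV: avast! Antivirus *Enabled/Updated* {GUID}
#   FW: ZoneAlarm Firewall *Enabled* {GUID}
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP|FW):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>[A-Za-z]+)(?:/(?P<defs>[A-Za-z]+))?\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)

Product = namedtuple("Product", "kind name enabled defs guid")


def parse_security_products(log_text):
    """Return the security products listed in a DDS log header."""
    products = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            break  # the header ends at the first section banner
        m = LINE_RE.match(line)
        if m:
            products.append(Product(
                kind=m["kind"],
                name=m["name"],
                enabled=m["state"].lower() == "enabled",
                defs=m["defs"],          # None when the line has no "/Updated" part
                guid=m["guid"].upper(),
            ))
    return products


def find_conflicts(products, kinds=("AV", "FW")):
    """Map each checked category to its enabled products when there is more than one.

    The default categories follow the advice in the reply above:
    one firewall and one real-time antivirus.
    """
    conflicts = {}
    for kind in kinds:
        enabled = sorted({p.name for p in products if p.kind == kind and p.enabled})
        if len(enabled) > 1:
            conflicts[kind] = enabled
    return conflicts


# Header lines copied from the first DDS log in this thread (2012-11-17).
FIRST_HEADER = """\
DDS (Ver_2012-11-07.01) - NTFS_x86
Run by Lee James at 21:34:32 on 2012-11-17
#Option Extended Search is enabled.
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ================
"""

# Header lines copied from the second DDS log in this thread (2012-11-25).
SECOND_HEADER = """\
DDS (Ver_2012-11-20.01) - NTFS_x86
Run by Lee James at 22:25:13 on 2012-11-25
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
"""

if __name__ == "__main__":
    for label, header in (("first log", FIRST_HEADER), ("second log", SECOND_HEADER)):
        conflicts = find_conflicts(parse_security_products(header))
        if conflicts:
            for kind, names in conflicts.items():
                print(f"{label}: {len(names)} enabled {kind} products: {', '.join(names)}")
        else:
            print(f"{label}: no overlapping AV or firewall products")
```
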

leejames75
2012-11-26, 00:10
Hello JonTom.

Many thanks for taking the time to help me.

I have uninstalled ZoneAlarm AV and Firewall and am now using Windows Firewall, and now just have Avast as my AV. I will be asking a few questions at the end regarding Firewall and AV.

Please find enclosed my new logs.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by Lee James at 22:25:13 on 2012-11-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1013.255 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Desktop SMS] c:\program files\idm\desktop sms\DesktopSMS.exe /auto
StartupFolder: c:\users\leejam~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{191A215B-673E-4A78-85ED-C3690F8F514C} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2011-1-10 25896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-30 44808]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-21 21504]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-26 7168]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-26 30192]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-11-24 08:40:01 -------- d-----w- c:\program files\MyDefrag v4.3.1
2012-11-23 08:51:41 -------- d-----w- c:\users\lee james\appdata\local\SlimWare Utilities Inc
2012-11-23 08:50:36 -------- d-----w- c:\program files\SlimCleaner
2012-11-22 20:51:06 -------- d-----w- c:\users\lee james\appdata\roaming\QuickScan
2012-11-17 23:15:24 -------- d-----w- c:\programdata\PCPitstop
2012-11-14 23:50:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-11-14 23:50:55 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 23:38:04 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 23:35:13 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 21:17:28 -------- d-----w- c:\users\lee james\appdata\roaming\OpenOffice.org
2012-11-13 21:06:30 -------- d-----w- c:\program files\OpenOffice.org 3
2012-11-06 20:16:46 -------- d-----w- c:\users\lee james\appdata\local\RawTherapee3.0.1
2012-11-06 20:14:48 -------- d-----w- c:\program files\RawTherapee3.0.1
2012-11-04 21:49:26 -------- d-----w- C:\Lightroom22
2012-11-02 20:11:10 -------- d-----w- c:\users\lee james\appdata\local\Windows Live
2012-11-02 20:11:10 -------- d-----w- c:\program files\common files\Windows Live
2012-11-02 20:09:57 754688 ----a-w- c:\windows\system32\webservices.dll
2012-10-30 22:33:39 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:33:35 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:31:02 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:29:53 -------- d-----w- c:\programdata\AVAST Software
2012-10-30 22:29:53 -------- d-----w- c:\program files\AVAST Software
2012-10-28 21:09:08 -------- d-----w- C:\Test
.
==================== Find3M ====================
.
2012-11-10 22:50:25 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-10 22:50:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-21 21:13:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-21 21:13:08 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-21 21:13:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 22:26:53.79 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/01/2011 22:30:08
System Uptime: 25/11/2012 21:54:34 (1 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | CPU | 800/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 15.269 GiB free.
E: is FIXED (NTFS) - 73 GiB total, 68.188 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP636: 24/11/2012 23:14:44 - Scheduled Checkpoint
RP638: 25/11/2012 20:26:53 - Revo Uninstaller's restore point - Samsung Kies
RP639: 25/11/2012 20:33:23 - Removed Samsung Kies
RP641: 25/11/2012 21:29:13 - Revo Uninstaller's restore point - Samsung Kies
.
==== Installed Programs ======================
.
7-Zip 9.21
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
avast! Free Antivirus
BleachBit
Camera Assistant Software for Toshiba
CCleaner
CD/DVD Drive Acoustic Silencer
CleanUp!
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
Defraggler
Desktop SMS
DivX Setup
DVD MovieFactory for TOSHIBA
EOS 20D WIA Driver
FileZilla Client 3.5.1
Google Desktop
Google Earth
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2003 Web Components
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MyDefrag v4.3.1
myphotobook 3.5
NetWaiting
OpenOffice.org 3.4.1
Opera 12.11
Picasa 3
QuickTime
RawTherapee 3.0.1
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Recuva
Revo Uninstaller 1.94
SAMSUNG USB Driver for Mobile Phones
Secunia PSI (3.0.0.3001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Windows Media Encoder (KB2447961)
Serif WebPlus Starter Edition 3.0
Skype™ 5.10
SlimCleaner
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TRDCReminder
TRORDCLauncher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Windows Media Encoder 9 Series
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
25/11/2012 21:55:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
25/11/2012 21:17:29, Error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).
25/11/2012 19:51:48, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
25/11/2012 19:51:48, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/11/2012 19:51:46, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
25/11/2012 19:47:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
25/11/2012 19:21:25, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
25/11/2012 19:19:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
25/11/2012 19:19:19, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/11/2012 09:40:58, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
25/11/2012 09:35:58, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
24/11/2012 17:44:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Notebook Performance Tuning Service (TEMPRO) service to connect.
24/11/2012 16:57:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
24/11/2012 10:17:49, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
24/11/2012 09:49:02, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
24/11/2012 09:48:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AswRdr aswSnx aswSP aswTdi DfsC kl2 KLIF NetBIOS netbt nsiproxy PSched RasAcd rdbss RtlProt SBRE Smb spldr tdx Vsdatant Wanarpv6 ws2ifsl
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
24/11/2012 09:48:57, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
24/11/2012 09:48:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
24/11/2012 09:48:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
24/11/2012 09:48:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
24/11/2012 09:48:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
24/11/2012 09:48:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
24/11/2012 09:48:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/11/2012 09:48:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
23/11/2012 08:47:26, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
23/11/2012 08:38:17, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.
22/11/2012 13:09:45, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
22/11/2012 12:22:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
22/11/2012 08:18:35, Error: EventLog [6008] - The previous system shutdown at 08:17:09 on 22/11/2012 was unexpected.
20/11/2012 14:22:19, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
20/11/2012 09:53:29, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
19/11/2012 09:52:46, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/11/2012 09:52:45, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
19/11/2012 09:52:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
19/11/2012 09:47:25, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
19/11/2012 09:47:24, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
.
==== End Of File ===========================

JonTom
2012-11-26, 01:52
Hello leejames75


"Come to the point where 4gb of data is being removed every night from windows clean up and I am having to defrag the harddrive every night"

What exactly is it that is being removed? As for the defrag, there is no need to run one every night.


There is nothing jumping out at me from the logs you have posted which leads me to believe (at this time) that the problem may very well be related to the amount of RAM you have installed.

This machine has just over 1GB of RAM in total. With two real time antivirus programs running you had almost used up all of the machine's available RAM.

By uninstalling Zonealarm we have recovered 0.25GB of RAM to draw upon but this is still quite low. As soon as you run anything that requires some serious system power your machine will most likely struggle.


Having said that, let's continue by running some additional scans in case anything has been missed:


Junkware Removal Tool


Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your antivirus to avoid any conflicts.
Right-mouse click JRT.exe and select Run as administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message


Please post the JRT log in your next reply.

leejames75
2012-11-26, 21:03
Hi JonTom.

Yes, CleanUp (StevenGould) can sometimes recover 10Gb each evening.

As stated, our 12 year old is a bit of a Facebook fanatic, and after he finishes, that is when the laptop is so unresponsive.

He has admitted downloading apps and games to the computer via Facebook.
However he won't allow me nor his mum to vet his account to find out what apps he has linked with his account.

He uses YouTube a lot to watch films and has been typing in the links to watch the films that appear on the teaser footage of these films.

Zonealarm would be working overtime and the amount of intrusion blocks that would be reported was worrying.

Hence at the moment, he is not allowed to use the laptop.

The last straw is when I wasn't able to install the MS Office updates via Windows Update, and finding that the disk was not in its place as he lent it to a school friend, and has not got it back.

So therefore unable to do a fresh reinstall of Office.

When I do have to shut down the laptop, because it becomes unresponsive and explorer freezes, the popup appears asking to wait, restart or close explorer.

The laptop takes ages to shut down, and when it boots up, it takes ages to start up. I know the laptop is getting long in the tooth, but feel that although software wise nothing has changed installation wise since purchasing it and installing photo editing software and applying the updates as and when required. I feel that the excessive internet browsing our son is doing is causing the laptop to creak. As the HDD light is constantly on.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.5.4 (11.26.2012)
OS: Windows Vista (TM) Home Premium x86
Ran by Lee James on 26/11/2012 at 19:23:32.28
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Lee James\appdata\locallow\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/11/2012 at 19:31:50.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JonTom
2012-11-27, 12:14
Hello leejames75

Not a great deal detected by the Junkware Removal Tool.

Let's see what the following can tell us:


Combofix


Download ComboFix from one of the following locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216).
Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Should there be issues with internet afterward:

In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.



Please post the Combofix log in your next reply.

leejames75
2012-11-27, 22:36
Here is the combofix log.

Interesting to see that Zonealarm/Checkpoint and PCPitstop are not fully removed, and McAfee (Original pre install - but used McAfee removal tool when expired) is still referenced.

ComboFix 12-11-27.01 - Lee James 27/11/2012 20:56:33.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1013.352 [GMT 0:00]
Running from: c:\users\Lee James\Desktop\LJ.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lee James\AppData\Local\Temp\ppcrlui_2836_2
c:\users\LEEJAM~1\AppData\Local\Temp\ppcrlui_2836_2
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 )))))))))))))))))))))))))))))))
.
.
2012-11-27 21:12 . 2012-11-27 21:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-27 21:12 . 2012-11-27 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-27 20:39 . 2012-11-19 01:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20D767EE-B8AC-4F67-AC03-9E620BCD18CF}\mpengine.dll
2012-11-26 22:40 . 2012-11-26 22:45 -------- d-----w- c:\windows\system32\catroot2
2012-11-26 22:19 . 2008-05-08 06:03 303616 ----a-w- C:\SetACL.exe
2012-11-26 21:52 . 2012-11-26 22:31 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-11-26 21:52 . 2004-06-12 00:33 290304 ----a-w- C:\subinacl.exe
2012-11-26 21:24 . 2012-11-26 21:24 -------- d-----w- C:\RegBackup
2012-11-26 21:19 . 2012-11-26 22:31 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-11-26 21:18 . 2012-11-26 21:18 -------- d-----w- c:\program files\Tweaking.com
2012-11-26 19:22 . 2012-11-26 19:22 -------- d-----w- c:\windows\ERUNT
2012-11-26 19:21 . 2012-11-26 19:21 -------- d-----w- C:\JRT
2012-11-25 23:16 . 2012-11-25 23:16 -------- d-----w- c:\program files\CheckPoint
2012-11-24 08:40 . 2012-11-24 16:10 -------- d-----w- c:\program files\MyDefrag v4.3.1
2012-11-23 08:51 . 2012-11-23 08:51 -------- d-----w- c:\users\Lee James\AppData\Local\SlimWare Utilities Inc
2012-11-23 08:50 . 2012-11-23 23:43 -------- d-----w- c:\program files\SlimCleaner
2012-11-23 00:00 . 2012-11-23 00:00 -------- d-----w- c:\program files\7-Zip
2012-11-22 20:51 . 2012-11-22 20:51 -------- d-----w- c:\users\Lee James\AppData\Roaming\QuickScan
2012-11-17 23:15 . 2012-11-18 09:10 -------- d-----w- c:\programdata\PCPitstop
2012-11-14 23:50 . 2012-10-08 07:50 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-11-14 23:50 . 2012-10-08 07:47 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 23:38 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 23:35 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 21:17 . 2012-11-13 21:17 -------- d-----w- c:\users\Lee James\AppData\Roaming\OpenOffice.org
2012-11-13 21:06 . 2012-11-13 21:06 -------- d-----w- c:\program files\OpenOffice.org 3
2012-11-06 20:27 . 2012-11-06 20:27 -------- d-----w- c:\users\Lee James\AppData\Roaming\gtk-2.0
2012-11-06 20:16 . 2012-11-06 20:20 -------- d-----w- c:\users\Lee James\AppData\Local\RawTherapee3.0.1
2012-11-06 20:14 . 2012-11-06 20:15 -------- d-----w- c:\program files\RawTherapee3.0.1
2012-11-04 21:49 . 2012-11-04 21:49 -------- d-----w- C:\Lightroom22
2012-11-02 20:11 . 2012-11-02 20:11 -------- d-----w- c:\users\Lee James\AppData\Local\Windows Live
2012-11-02 20:11 . 2012-11-02 20:11 -------- d-----w- c:\program files\Common Files\Windows Live
2012-11-02 20:09 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2012-10-30 22:34 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:34 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:33 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:33 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:33 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:33 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:31 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:30 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-30 22:29 . 2012-10-30 22:29 -------- d-----w- c:\programdata\AVAST Software
2012-10-30 22:29 . 2012-10-30 22:29 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-10 22:50 . 2012-06-02 11:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-10 22:50 . 2011-08-29 10:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2012-06-11 00:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-21 21:13 . 2012-09-21 21:13 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-21 21:13 . 2012-07-11 19:26 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-21 21:13 . 2011-01-11 02:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 13:28 . 2012-10-11 21:40 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-08-27 1050072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]
.
c:\users\Lee James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 22:50]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 21:58]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 21:58]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-ZoneAlarm Installer - c:\program files\CheckPoint\Install\Launcher.exe
MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
AddRemove-ZoneAlarm Security - c:\program files\CheckPoint\Install\Install.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2737019 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-27 21:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-11-27 21:19:25
ComboFix-quarantined-files.txt 2012-11-27 21:19
.
Pre-Run: 46,012,309,504 bytes free
Post-Run: 45,870,469,120 bytes free
.
- - End Of File - - E9E1F4B99D6323594F9A9352976B3F3A

JonTom
2012-11-28, 12:23
Hello leejames75

Why did you re-name combofix?


Interesting to see that Zonealarm/Checkpoint and PCPitstop are not fully removed. Many uninstall routines do not completely remove the installed program. More often than not there are remnants of the program left behind. While they cause no harm in themselves, a utility such as Revo Uninstaller can be used to remove these leftovers.

Let's continue:


CKScanner


Download CKScanner by askey127 from here (http://downloads.malwareremoval.com/CKScanner.exe) and save it to your Desktop.
Right click CKScanner.exe and select "Run as Administrator", then click on Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double click the CKFiles.txt icon on your desktop, then copy/paste the contents in your next reply.



MalwareBytes AntiMalware:


I can see that you have MBAM installed.
Double click on your MalwareBytes AntiMalware icon to launch the program.
Click on the "Update" tab and then on "Check for Updates".
The program will now install the latest Malware definition files.
Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
Once the program has scanned your computer, a log file will be created in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Come back here to this thread and Paste the log in your next reply.



Please run the following scan


Note: You will need to use Internet Explorer for this scan.
Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
Please disable your real time security programs before performing the scan.



Scan your system with Eset Online Scanner (http://www.eset.com/onlinescan/)
Place a check mark in the box YES, I accept the Terms Of Use.
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.



Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option to "Remove Found Threats" is UN checked.
Push the "Start" button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png


Please post the CKScanner log, the MBAM log and the ESET log in your next reply.

leejames75
2012-11-29, 00:49
Used Revo to remove remainder of Zonealarm and PCPitstop but these were not listed.

Here is the CKscanner log.

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\users\lee james\appdata\local\roblox\versions\version-7b3d65c79aa445d1\content\textures\vol_ice_cracked2.dds
scanner sequence 3.AP.11.TNNAJP
----- EOF -----

Here is the MBAM log.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.28.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Lee James :: --SPARE-- [administrator]

28/11/2012 21:57:36
mbam-log-2012-11-28 (21-57-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200161
Time elapsed: 21 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

leejames75
2012-11-29, 00:51
Eset log will be posted later:

JonTom
2012-11-29, 13:34
"Eset log will be posted later"

:bigthumb:

leejames75
2012-11-29, 16:58
O/H has said that nothing has been found by ESET.

And the only option is a button to finish and uninstall the scanner on close.

JonTom
2012-11-30, 11:15
Hello leejames75


"nothing has been found by ESET"

That's good :)

How is the machine running at the moment?

Please re-scan with DDS and post the dds.txt log in your next reply.

leejames75
2012-11-30, 22:06
Hi JonTom

On a scale of 1 to 10 with 10 being unresponsive and 1 being very fast, I would rate the laptop as a 6. Bootup time is still slow and would say it takes 2 minutes for the desktop to appear, and when the desktop appears it is nearly another minute before I can click on anything.

When it comes to shutting down, when I cross off any application and then choose shutdown, it takes over a minute for the shutting down screen to appear then it takes another couple of minutes to do whatever it is that it is doing before total shutdown. During this stage the HDD light starts to have a fit.

As we are wireless, I have been doing a check of the router whilst the laptop is in shutdown mode and that too has a fit.

Here is the DDS Log.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by Lee James at 20:47:15 on 2012-11-30
#Option Extended Search is enabled.
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1013.260 [GMT 0:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Desktop SMS] c:\program files\idm\desktop sms\DesktopSMS.exe /auto
StartupFolder: c:\users\leejam~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{191A215B-673E-4A78-85ED-C3690F8F514C} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2011-1-10 25896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-30 44808]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-21 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-13 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-8-27 124368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-26 7168]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-26 30192]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 60 ================
.
2012-11-27 21:19:38 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-27 20:52:51 98816 ----a-w- c:\windows\sed.exe
2012-11-27 20:52:51 256000 ----a-w- c:\windows\PEV.exe
2012-11-27 20:52:51 208896 ----a-w- c:\windows\MBR.exe
2012-11-27 20:39:33 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-11-27 20:39:16 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{20d767ee-b8ac-4f67-ac03-9e620bcd18cf}\mpengine.dll
2012-11-26 22:40:06 -------- d-----w- c:\windows\system32\catroot2
2012-11-26 22:19:44 303616 ----a-w- C:\SetACL.exe
2012-11-26 21:52:03 290304 ----a-w- C:\subinacl.exe
2012-11-26 21:24:57 -------- d-----w- C:\RegBackup
2012-11-26 21:19:16 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-11-26 21:18:55 -------- d-----w- c:\program files\Tweaking.com
2012-11-26 19:22:54 -------- d-----w- c:\windows\ERUNT
2012-11-26 19:21:47 -------- d-----w- C:\JRT
2012-11-25 23:16:19 -------- d-----w- c:\program files\CheckPoint
2012-11-24 08:40:01 -------- d-----w- c:\program files\MyDefrag v4.3.1
2012-11-23 08:51:41 -------- d-----w- c:\users\lee james\appdata\local\SlimWare Utilities Inc
2012-11-23 08:50:36 -------- d-----w- c:\program files\SlimCleaner
2012-11-22 20:51:06 -------- d-----w- c:\users\lee james\appdata\roaming\QuickScan
2012-11-17 23:15:24 -------- d-----w- c:\programdata\PCPitstop
2012-11-14 23:50:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-11-14 23:50:55 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 23:38:04 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 23:35:13 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 21:17:28 -------- d-----w- c:\users\lee james\appdata\roaming\OpenOffice.org
2012-11-13 21:06:30 -------- d-----w- c:\program files\OpenOffice.org 3
2012-11-06 20:16:46 -------- d-----w- c:\users\lee james\appdata\local\RawTherapee3.0.1
2012-11-06 20:14:48 -------- d-----w- c:\program files\RawTherapee3.0.1
2012-11-04 21:49:26 -------- d-----w- C:\Lightroom22
2012-11-02 20:11:10 -------- d-----w- c:\users\lee james\appdata\local\Windows Live
2012-11-02 20:11:10 -------- d-----w- c:\program files\common files\Windows Live
2012-11-02 20:09:57 754688 ----a-w- c:\windows\system32\webservices.dll
2012-10-30 22:33:39 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:33:35 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:31:02 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:29:53 -------- d-----w- c:\programdata\AVAST Software
2012-10-30 22:29:53 -------- d-----w- c:\program files\AVAST Software
2012-10-28 21:09:08 -------- d-----w- C:\Test
2012-10-13 20:31:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-13 20:31:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-11 21:40:59 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-11 21:40:35 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 21:40:23 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 21:40:23 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 21:40:22 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 21:33:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-11 21:33:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find6M ====================
.
2012-11-10 22:50:25 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-10 22:50:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-21 21:13:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-21 21:13:08 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-21 21:13:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-25 08:58:47 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-06-25 15:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
============= FINISH: 20:48:44.53 ===============


And here is the Attach Log. I notice that there are issues in the Event Viewer. The Office Update failures are possibly due to a .Net Framework update, of which there are conflicting posts and possible solutions on the MS Forums.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/01/2011 22:30:08
System Uptime: 30/11/2012 09:27:30 (11 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | CPU | 800/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 45.328 GiB free.
E: is FIXED (NTFS) - 73 GiB total, 68.188 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP649: 30/11/2012 00:47:13 - Scheduled Checkpoint
RP650: 30/11/2012 19:22:55 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.21
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
avast! Free Antivirus
BleachBit
Camera Assistant Software for Toshiba
CCleaner
CD/DVD Drive Acoustic Silencer
CleanUp!
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
Defraggler
Desktop SMS
DivX Setup
DVD MovieFactory for TOSHIBA
EOS 20D WIA Driver
FileZilla Client 3.5.1
Google Desktop
Google Earth
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2003 Web Components
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MyDefrag v4.3.1
myphotobook 3.5
NetWaiting
OpenOffice.org 3.4.1
Opera 12.11
Picasa 3
QuickTime
RawTherapee 3.0.1
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Recuva
Revo Uninstaller 1.94
SAMSUNG USB Driver for Mobile Phones
Secunia PSI (3.0.0.3001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Media Encoder (KB2447961)
Serif WebPlus Starter Edition 3.0
Skype™ 5.10
SlimCleaner
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TRDCReminder
TRORDCLauncher
Tweaking.com - Windows Repair (All in One)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Windows Media Encoder 9 Series
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
30/11/2012 09:27:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
30/11/2012 09:27:32, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
30/11/2012 09:27:32, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
30/11/2012 09:27:32, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/11/2012 06:31:40, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
29/11/2012 00:04:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Word 2003 (KB2687483).
28/11/2012 23:51:14, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Excel 2003 (KB2687481).
28/11/2012 23:50:46, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2760492).
28/11/2012 09:28:51, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
28/11/2012 09:28:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
28/11/2012 09:23:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Notebook Performance Tuning Service (TEMPRO) service to connect.
27/11/2012 21:13:10, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
27/11/2012 20:54:26, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
27/11/2012 08:48:36, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Secunia PSI Agent service to connect.
27/11/2012 08:48:36, Error: Service Control Manager [7000] - The Secunia PSI Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/11/2012 22:39:47, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x80092003 Error description: An error occurred while reading or writing to a file. Signatures loading: Default Loading signature version: 1.0.0.0 Loading engine version: 1.1.3007.0
26/11/2012 22:36:16, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80092003 Error description: An error occurred while reading or writing to a file. Signatures loading: Backup Loading signature version: 0.0.0.0 Loading engine version: 0.0.0.0
.
==== End Of File ===========================

JonTom
2012-12-01, 13:53
Hello leejames75

Your latest DDS log appears to be clean.

As for your system speed issues, they do not appear to be malware related. I believe they are caused by lack of RAM as I mentioned earlier.

Are you receiving any popups, redirects, error messages etc besides the update error message?


Let's see if the following can help with the update issues:

===

Please download Windows Repair (all in one) from here (http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio_setup.exe)

Install the program then run it

Go to step 2 and allow it to run Disk check

http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture3.gif

Once that is done then go to step 3 and allow it to run SFC

http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture.gif

On the Start Repairs tab => Click the Start

http://i.imgur.com/7fthj.png

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

===

The following may help with your system speed issues, but there is only so much you can do with the limited RAM at your disposal:


Defragment your hard drive


Download and run Auslogics Disc Defragmenter.
You can find it here: http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Fwww.auslogics.com%2Fen%2Fsoftware%2Fdisk-defrag%2Fdownload



StartupLite


You may wish to try StartupLite. Simply download this tool to your desktop and run it.
It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup.
This will result in fewer programs running when you boot your system, and should improve performance.
You can find it here: http://www.malwarebytes.org/startuplite.php



More information can be found in the link below:

http://www.bleepingcomputer.com/forums/index.php?showtopic=87058&view=findpost&p=487112


For support with your router you will have to start a thread in a networking forum. I recommend one of the following: here (http://forums.pcpitstop.com/index.php?/forum/8-networking-email-and-internet-connections/) or here (http://forums.whatthetech.com/index.php?showforum=123)

leejames75
2012-12-01, 23:52
Hi JonTom.

Thanks for the extra tools.

Sadly the Windows Tweaking Tool has found many corrupt files and is unable to repair them. I've run Windows update again. Only the MS Office, Excel, Word and Outlook updates are not working.

The log Tweaking Tool has produced has found many corrupt files relating to MS Office.

Windows Update is coming back with Error 80070643. Obviously this will have to be taken up via a Windows Tech Support Forum. But googling the error code has found that this error is more due to a conflict of previous Windows updates corrupting the Office Files.

It does look like I may have to invest in another copy of Office :mad:

Startup is faster, but shutdown is still taking longer, as it used to be instant shutdown.

As I am using AVAST as a virus checker, I removed Zonealarm, which also had a virus checker, to revert back to the Windows Firewall.

Which Firewall (free) is a suitable replacement to Windows Firewall?

JonTom
2012-12-02, 13:25
Hello leejames75


The log Tweaking Tool has produced has found many corrupt files relating to MS Office
You may have to re-install it.


Which Firewall (free) is a suitable replacement to Windows Firewall?
There is nothing wrong with Windows firewall but you can also try one of these if you wish.

Please be aware that a third party firewall may slow your system further due to the extra demand on system RAM.


For a free Firewall try one of the following:
Comodo Personal Firewall (http://www.comodo.com/home/download/download.php?prod=firewall)
NOTE: If you use a Third Party AntiVirus, make sure you uncheck the option to install Comodo AntiVirus when you install Comodo Firewall.

Sygate Personal Firewall (http://www.filehippo.com/download_sygate_personal_firewall/)
Outpost Firewall (http://www.agnitum.com/products/outpostfree/index.php)



Let's remove our tools in the steps below:


Please Uninstall Combofix


Hold down the Windows key (has the Windows symbol on it) and press the "R" key.
A Run box will open.
Type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.



Removal of Tools


You no longer need DDS, aswMBR, Junkware Removal Tool, CKScanner or Windows Repair. Please delete them from your machine.



Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.


Finally, please take the time to read through the information provided below:

Enhance your System Security

For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here. (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
Once complete, remember to re-engage your resident security before going online.

Web Browsers and Browser Security

Firefox

Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here. (http://www.mozilla.com/en-US/firefox/)


No-Script

If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
You can download No-Script by clicking here. (https://addons.mozilla.org/en-US/firefox/addon/722)


Internet Explorer

The newest version of Internet Explorer is available from here. (http://www.microsoft.com/windows/internet-explorer/?ocid=ie8_s_94735d11-65d1-4bb8-bf6f-72d7b059a928)


SpywareBlaster

If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
You can download SpywareBlaster by clicking here. (http://www.javacoolsoftware.com/sbdownload.html)

Web of Trust

When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
You can download Web of Trust by clicking here. (http://www.mywot.com/)


Keep your Software Updated

Outdated software can sometimes have vulnerabilities that are exploitable by malware.
Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here. (http://secunia.com/vulnerability_scanning/online/)


Passwords

Learn how to create strong passwords by clicking here (http://www.microsoft.com/protect/yourself/password/create.mspx) and test the strength of the passwords you already use by clicking here. (http://www.microsoft.com/protect/yourself/password/checker.mspx)


General Reading

PC Safety and Security - What do I need? (http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html)

How to prevent Malware (by Miekiemoes) (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


Learn How To Combat Malware

Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here. (http://forums.whatthetech.com/What_Tech_Classroom_t80368.html)

leejames75
2012-12-03, 23:51
JonTom

Many thanks for help.

I shall look at "What the Tech", and register when time permits.


Lee

JonTom
2012-12-04, 01:42
Hello leejames75


I shall look at "What the Tech", and register when time permits
I am a member at WTT and you will receive excellent Tech Assistance there.


Many thanks for help
You are Very Welcome :)

Best wishes,

JonTom

JonTom
2012-12-06, 13:05
Since this problem appears to be resolved this topic is now closed.

Glad we could help :)

Best wishes
JonTom