Spybot Version: 2.4 Home Edition
Windows Version: Windows Vista 32-bit

I am constantly losing disk space without logical reason. No one else uses the computer.
For weeks I have had to regularly use Microsoft "Disc Cleanup" but then the process re-starts and I lose about 10 Gb per day.

I use Disc Cleanup's option of removing everything prior to the last restore point. Twice a week I create a new restore point and then do a cleanup.
I think I have a virus as my downloads off the internet rarely reach 2 GB per month.

I have used Windows (Vista) Explorer "Advanced Search" looking for large files and/or files new or modified since a recent date (Including system files) but can see nothing suspicious.

It seems to happen when the system sleeps or when the screen saver is in use. The system comes out of "Sleep" by itself so when I open the laptop the screen saver is already running and I don't have to "wake" the system up.

Your help would be greatly appreciated.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-08-2015
Ran by Peter (administrator) on SUPER-PC (20-08-2015 16:59:01)
Running from C:\Users\Peter\Downloads
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Windows\tsnp2std.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sonix) C:\Windows\vsnp2std.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Farbar) C:\Users\Peter\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Google Update] => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-08] (Google Inc.)
HKU\S-1-5-18\...\Run: [Google Photos Backup] => C:\Windows\System32\config\systemprofile\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-07-11] (Google, Inc)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-08-23]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1647386704-1107108042-2413953793-1000] => localhost:21320
HKU\PE_C_PETER_2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.comsec.com.au/
HKU\PE_C_PETER_2\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
HKU\PE_C_PETER_2\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bom.gov.au/products/IDR664.loop.shtml
hxxp://www.google.com/finance
HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.comsec.com.au/
HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bom.gov.au/products/IDR664.loop.shtml
hxxp://www.google.com/finance
HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\PE_C_PETER_2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1647386704-1107108042-2413953793-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Download - {777D0B4C-75C9-4874-ABFF-80B4BE8DC532} - C:\Program Files\Diodia Software\Download Toolbar\DTB.dll [2007-05-20] (Diodia Software)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DEC06BFB-DF1D-45F3-A77A-FD481DD00E24}: [DhcpNameServer] 211.29.132.12 198.142.0.51
Tcpip\..\Interfaces\{E2EEDAEA-5C4D-43DF-8DE1-69AB544994FF}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-02]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-04]
FF HKU\S-1-5-21-1647386704-1107108042-2413953793-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-08]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-08]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-08]
CHR Extension: (Google Cast) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-08-02]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-08-02]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-08]
CHR Extension: (Google Docs Offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-07-29]
CHR Extension: (Film Homepage) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hldclendgimaebbgkojkkhapdpgdcing [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-26]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R5 ACPI; C:\Windows\System32\drivers\acpi.sys [265688 2009-04-10] (Microsoft Corporation)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 APL531; C:\Windows\System32\Drivers\ov550i.sys [580992 2006-07-31] (Omnivision Technologies, Inc.) [File not signed]
R5 atapi; C:\Windows\System32\drivers\atapi.sys [19944 2009-04-10] (Microsoft Corporation)
R5 CLFS; C:\Windows\System32\CLFS.sys [244152 2015-03-05] (Microsoft Corporation)
R5 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [20792 2008-01-18] (Microsoft Corporation)
R5 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [22632 2006-11-02] (Microsoft Corporation)
R5 disk; C:\Windows\System32\drivers\disk.sys [53736 2009-04-10] (Microsoft Corporation)
R5 Ecache; C:\Windows\System32\drivers\ecache.sys [140224 2015-07-22] (Microsoft Corporation)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58936 2008-01-18] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Microsoft Corporation)
R5 intelide; C:\Windows\System32\drivers\intelide.sys [17976 2008-01-18] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [440768 2015-06-12] (Microsoft Corporation)
R5 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [56256 2015-07-22] (Microsoft Corporation)
R5 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R5 msahci; C:\Windows\System32\drivers\msahci.sys [27112 2009-04-10] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [16440 2008-01-18] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [48104 2009-04-10] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [527848 2009-04-10] (Microsoft Corporation)
R5 O2MDRDR; C:\Windows\System32\DRIVERS\o2media.sys [34176 2005-11-14] (O2Micro )
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [53120 2012-03-21] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [149480 2009-04-10] (Microsoft Corporation)
R5 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [177640 2009-04-10] (Microsoft Corporation)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12212736 2007-08-21] ()
R5 spldr; C:\Windows\system32\Drivers\spldr.sys [21048 2008-01-18] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [905664 2014-04-05] (Microsoft Corporation)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [43040 2010-04-10] (Realtek Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [52792 2008-01-18] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [292840 2009-04-10] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [224640 2012-08-21] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-27] (Microsoft Corporation)
S4 blbdrive; no ImagePath
S3 IpInIp; no ImagePath
S1 MpKsl75b4858b; no ImagePath
S3 NTIOLib_1_0_4; no ImagePath
S3 NwlnkFlt; no ImagePath
S3 NwlnkFwd; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-20 16:56 - 2015-08-20 16:56 - 01677312 _____ (Farbar) C:\Users\Peter\Downloads\FRST (1).exe
2015-08-20 16:48 - 2015-08-20 16:48 - 01997137 _____ C:\Users\Peter\Downloads\tweaking.com_registry_backup_portable (1).zip
2015-08-19 19:45 - 2015-08-19 19:49 - 00001117 _____ C:\Users\Peter\Desktop\Windows Error Reporting -.lnk
2015-08-15 20:02 - 2015-08-15 20:02 - 00000000 ___DC C:\81febf40c361d2a78cf1
2015-08-14 10:17 - 2015-08-14 10:17 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-14 10:17 - 2015-08-14 10:17 - 00000000 ___RD C:\Program Files\Skype
2015-08-14 10:17 - 2015-08-14 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-14 10:17 - 2015-08-14 10:17 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-13 17:57 - 2015-08-18 16:28 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-08-13 17:07 - 2015-08-13 17:07 - 00000000 ___DC C:\6e9d546ed783cf8d4c9285af2bd313
2015-08-13 17:00 - 2015-08-20 17:00 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2015-08-13 17:00 - 2015-08-13 17:00 - 00000000 ____D C:\Users\Peter\AppData\Local\Skype
2015-08-13 16:55 - 2015-08-14 10:18 - 00000000 ____D C:\ProgramData\Skype
2015-08-12 14:25 - 2015-07-22 06:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 14:25 - 2015-07-22 02:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-12 14:25 - 2015-07-22 02:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 14:25 - 2015-07-22 02:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-12 14:25 - 2015-07-22 02:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 14:25 - 2015-07-22 02:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-12 14:25 - 2015-07-22 02:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 14:25 - 2015-07-22 02:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 14:22 - 2015-08-01 05:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 14:22 - 2015-07-10 00:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-12 14:21 - 2015-07-11 05:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 14:18 - 2015-07-12 01:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 13:07 - 2015-07-19 02:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 13:05 - 2015-07-11 05:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 13:05 - 2015-07-11 05:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 13:04 - 2015-08-01 08:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 13:04 - 2015-08-01 07:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-12 13:04 - 2015-08-01 07:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-12 13:04 - 2015-08-01 07:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-12 13:04 - 2015-08-01 07:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-12 13:04 - 2015-08-01 06:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 13:04 - 2015-08-01 06:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-12 13:04 - 2015-08-01 06:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-12 13:04 - 2015-08-01 06:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 13:04 - 2015-08-01 06:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 13:04 - 2015-08-01 06:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 13:04 - 2015-08-01 06:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 13:02 - 2015-07-02 01:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 13:01 - 2015-07-23 06:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 13:01 - 2015-07-23 06:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 13:01 - 2015-07-23 06:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 13:01 - 2015-07-23 06:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 13:01 - 2015-07-23 06:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 13:01 - 2015-07-23 06:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 13:01 - 2015-07-23 06:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-12 13:01 - 2015-07-23 06:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 13:01 - 2015-07-23 06:44 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 13:01 - 2015-07-23 06:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 13:01 - 2015-07-23 06:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 13:01 - 2015-07-23 06:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 13:01 - 2015-07-23 06:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 13:01 - 2015-07-23 06:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-12 13:01 - 2015-07-23 06:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 13:01 - 2015-07-23 06:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 13:01 - 2015-07-23 06:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 13:01 - 2015-07-23 06:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-12 13:01 - 2015-07-23 06:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-12 13:01 - 2015-07-23 06:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-12 13:01 - 2015-07-23 06:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 13:01 - 2015-07-10 00:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 13:01 - 2015-07-10 00:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 13:00 - 2015-07-23 06:54 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-11 11:08 - 2015-08-11 11:08 - 00013916 _____ C:\Users\Peter\Downloads\CSVData (1).csv
2015-08-11 11:03 - 2015-08-11 11:03 - 00001813 _____ C:\Users\Peter\Downloads\CSVData.csv
2015-08-06 11:20 - 2015-08-06 11:20 - 00000000 ____D C:\Windows\pss
2015-08-06 11:14 - 2015-08-20 16:44 - 00000266 _____ C:\Windows\Tasks\PC-Mechanic Maintenance.job
2015-08-06 11:14 - 2015-08-18 16:30 - 00000266 _____ C:\Windows\Tasks\PC-Mechanic Subscription.job
2015-08-06 11:13 - 2015-08-06 11:13 - 00001016 _____ C:\Users\Public\Desktop\PC Mechanic.lnk
2015-08-06 11:13 - 2015-08-06 11:13 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Uniblue
2015-08-06 11:13 - 2015-08-06 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2015-08-06 11:13 - 2015-08-06 11:13 - 00000000 ____D C:\Program Files\Uniblue
2015-07-30 12:46 - 2015-07-30 12:46 - 05198336 _____ (AVAST Software) C:\Users\Peter\Downloads\aswMBR.exe
2015-07-30 12:27 - 2015-07-30 12:27 - 01187736 _____ (Uniblue Systems Limited ) C:\Users\Peter\Downloads\pcmechanicpm.exe
2015-07-29 20:41 - 2015-07-29 20:42 - 00042067 _____ C:\Users\Peter\Downloads\Addition.txt
2015-07-29 20:39 - 2015-08-20 16:59 - 00018561 _____ C:\Users\Peter\Downloads\FRST.txt
2015-07-29 20:38 - 2015-08-20 16:59 - 00000000 ___DC C:\FRST
2015-07-29 20:37 - 2015-07-29 20:37 - 01673728 _____ (Farbar) C:\Users\Peter\Downloads\FRST.exe
2015-07-29 20:34 - 2015-07-29 20:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SUPER-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-07-29 20:33 - 2015-07-29 20:33 - 00000000 ___DC C:\RegBackup
2015-07-29 20:32 - 2015-07-29 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-29 20:32 - 2015-07-29 20:32 - 00000000 ____D C:\Program Files\Tweaking.com
2015-07-29 20:29 - 2015-07-29 20:29 - 04720448 _____ C:\Users\Peter\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-29 10:44 - 2015-07-29 10:44 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-29 10:44 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-20 16:41 - 2013-08-08 16:59 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-20 16:31 - 2014-02-08 14:26 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-08-20 16:08 - 2013-08-04 08:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-20 15:59 - 2006-11-02 22:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-20 15:59 - 2006-11-02 22:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-20 15:35 - 2013-08-08 17:00 - 00002029 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-20 15:00 - 2014-03-27 09:45 - 00000714 _____ C:\Windows\Tasks\Scan most recently used file in the background (Spybot - Search & Destroy).job
2015-08-20 14:31 - 2014-02-08 14:26 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-08-20 10:16 - 2006-11-02 22:52 - 01521895 _____ C:\Windows\WindowsUpdate.log
2015-08-20 10:00 - 2014-02-28 11:49 - 00000294 _____ C:\Windows\Tasks\AVSRegistryCleaner.job
2015-08-19 15:03 - 2013-08-12 16:37 - 00000125 _____ C:\Windows\SwDrvs.ini
2015-08-19 14:20 - 2006-11-02 21:18 - 00000000 ____D C:\Windows\tracing
2015-08-19 14:09 - 2013-08-12 16:37 - 00000244 _____ C:\Windows\MYOBP.INI
2015-08-19 14:09 - 2013-08-12 16:37 - 00000039 _____ C:\Windows\MYOB.INI
2015-08-19 10:00 - 2013-08-04 08:20 - 00000618 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-08-18 16:27 - 2013-08-02 14:56 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-08-18 16:27 - 2006-11-02 23:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 08:47 - 2006-11-02 23:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-17 13:13 - 2013-08-04 10:58 - 00038433 _____ C:\Users\Peter\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-08-12 15:04 - 2006-11-02 21:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-12 14:56 - 2006-11-02 22:47 - 02206256 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 14:52 - 2014-03-27 11:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 14:51 - 2006-11-02 22:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-12 14:26 - 2013-08-03 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 14:25 - 2014-03-27 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 13:17 - 2013-08-02 17:13 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 13:09 - 2006-11-02 20:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-12 13:08 - 2013-08-04 08:25 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 13:08 - 2013-08-04 08:25 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-07 13:27 - 2013-08-04 08:19 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-06 13:23 - 2013-08-04 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 11
2015-08-01 11:16 - 2013-08-04 08:20 - 00000448 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-07-29 20:03 - 2013-08-08 16:59 - 00000000 ____D C:\Users\Peter\AppData\Local\Google
2015-07-29 10:43 - 2014-08-30 09:58 - 00062360 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-07-28 22:11 - 2015-06-23 15:07 - 00000000 ____D C:\Program Files\TeamViewer
2015-07-23 13:40 - 2013-08-04 12:42 - 00023552 _____ C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-22 00:30 - 2006-11-02 20:23 - 00450690 ____R C:\Windows\system32\Drivers\etc\hosts.20150819-100032.backup

==================== Files in the root of some directories =======

2013-08-04 10:58 - 2015-08-17 13:13 - 0038433 _____ () C:\Users\Peter\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-04-27 14:39 - 2014-08-10 15:18 - 0009323 _____ () C:\Users\Peter\AppData\Roaming\Comma Separated Values (Windows).EML
2014-07-13 17:33 - 2014-07-13 17:33 - 0038422 _____ () C:\Users\Peter\AppData\Roaming\Microsoft Excel.ADR
2015-01-07 11:44 - 2015-01-07 11:44 - 0026876 _____ () C:\Users\Peter\AppData\Roaming\UserTile.png
2013-08-02 14:50 - 2013-08-02 15:29 - 0000680 _____ () C:\Users\Peter\AppData\Local\d3d9caps.dat
2013-08-04 12:42 - 2015-07-23 13:40 - 0023552 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-12 15:13 - 2015-04-12 15:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-02 15:37 - 2014-05-02 15:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-08-04 14:14 - 2013-08-04 14:27 - 0000771 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-18 16:34

==================== End of log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-08-20 17:30:08
-----------------------------
17:30:08.229 OS Version: Windows 6.0.6002 Service Pack 2
17:30:08.229 Number of processors: 2 586 0xF0D
17:30:08.231 ComputerName: SUPER-PC UserName: Peter
17:30:11.997 Initialize success
17:30:12.210 VM: initialized successfully
17:30:12.212 VM: Intel CPU virtualization not supported
17:35:29.625 AVAST engine defs: 15081901
17:35:44.958 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-08-20 17:30:08
-----------------------------
17:30:08.229 OS Version: Windows 6.0.6002 Service Pack 2
17:30:08.229 Number of processors: 2 586 0xF0D
17:30:08.231 ComputerName: SUPER-PC UserName: Peter
17:30:11.997 Initialize success
17:30:12.210 VM: initialized successfully
17:30:12.212 VM: Intel CPU virtualization not supported
17:35:29.625 AVAST engine defs: 15081901
17:35:44.958 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"
17:35:58.732 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
17:35:58.735 Disk 0 Vendor: TOSHIBA_MK1646GSX LB113J Size: 152627MB BusType: 3
17:35:58.954 Disk 0 MBR read successfully
17:35:58.958 Disk 0 MBR scan
17:35:59.140 Disk 0 Windows VISTA default MBR code
17:35:59.162 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1000 MB offset 2048
17:35:59.236 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 151625 MB offset 2050048
17:35:59.277 Disk 0 scanning sectors +312578048
17:35:59.850 Disk 0 scanning C:\Windows\system32\drivers
17:36:42.896 Service scanning
17:37:23.867 Service MpKsl716c12e2 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C31F754D-891C-440D-902A-2DCA82F7A699}\MpKsl716c12e2.sys **LOCKED** 32
17:38:05.829 Modules scanning
17:38:05.838 Disk 0 trace - called modules:
17:38:05.858 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
17:38:05.867 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864f8ac8]
17:38:05.877 3 CLASSPNP.SYS[8ab9d8b3] -> nt!IofCallDriver -> [0x85d10898]
17:38:05.887 5 acpi.sys[82ca66bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85d598a0]
17:38:07.783 AVAST engine scan C:\Windows
17:38:19.173 AVAST engine scan C:\Windows\system32
17:46:21.650 AVAST engine scan C:\Windows\system32\drivers
17:47:00.151 AVAST engine scan C:\Users\Peter
17:54:36.055 AVAST engine scan C:\ProgramData
17:57:56.434 Disk 0 statistics 2565250/0/0 @ 1.84 MB/s
17:57:56.445 Scan finished successfully
17:59:40.855 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Desktop\MBR.dat"
17:59:40.945 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"

Running from C:\Users\Peter\Downloads

It's best we move Farbar's to desktop.

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
ProxyServer: [S-1-5-21-1647386704-1107108042-2413953793-1000] => localhost:21320
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\PE_C_PETER_2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~`

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~
please post
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt

Still need help?

Still need help?

I have run the JRT 3 times and after about 7 hours the disc activity stops. I rechecked 2-3 hours later and no change. JRT's last print was "Checking Shortcuts" on each of the 3 attempts.

Note: Obviously I don't watch the process continuously so I don't know when it stalled each time.

Possibly it was my fault as I may have not properly shutdown Spybot. I am reasonably confident about Windows Security as Windows Defender was definitely off.

With Spybot I went to its System Services tab and turned off the 3 choices. When I returned to Spybot this morning I saw that the Ticks on Spybots opening page were in fact still on.

Since then I have searched and searched but cannot find how to temporarily shut Spybot down.

I wrongly assumed FRST created Fixlist.txt automatically so I wasted a lot of time until I realised it was waiting for me to choose possibly bad files and paste them to a new Fixlist.txt. Quite bravely I got rid of some files this way as you will see on the fixlog.txt.

I notice that my print screen function is not working right now.

I often get advice from Spybot about a second user with the program. Is this report caused by part of the problem? There is only one user, me. Perhaps if there was another user they might be more experienced and keep me out of trouble.

I really appreciate your patience with me being such a novice at this.

New reports attached.

Sounds like JRT hung up.

We'll continue.

https://www.safer-networking.org/faq/how-to-disable-spybot-sd-temporarily/
The above link should supply instructions how to temporarily disable SpyBot.

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) TO YOUR DESKTOP




Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i24.photobucket.com/albums/c30/ken545/0841859c-1a35-4dbd-b41a-e720629e3e22_zpst0yckuua.png



On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes


~~~~~~~~~~~~~~~~~~~~~~``

Sorry, but the instructions did not match current Spybot.

I used Advanced Tools - Settings - Live Protection - Mode - Advanced Controls and pressed "Deactivate Live Protection".

Response was this message "The Live Protection System Driver could not be deactivated. You can uninstall and reboot..."

The Start Centre page of Spybot is now showing "Live Protection: Partial".

I will uninstall in 20 hours and proceed with Malwarebytes Anti Malware unless you say otherwise.

Thanks

Peter

Peter

A temporary uninstall might be the best solution for right now.

Talk again soon.
Peter

I have run JRT and Malwarebytes Anti Malware and their logs are attached. Nothing that I can see except they don't like P C Mechanic. I am not too impressed either but it came long after my problem started.

JRT's run time dropped from about 7 hours to about 5 mins with Spybot uninstalled.

Post Win10 Spybot re-installed the main program like a dream.

Regards

Peter

At this time go on and uninstall/delete P C Mechanic. (Unless you paid for this program)

Has anything changed? Any improvements with the computer?

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

IF, you have an external USB device plugged in this will be scanned too. If this is attached the scan can take considerably longer.

Note: Since this scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

Thanks Juliet.

I did purchase P C Mechanic but Anti Mal seems to have quarantined it as it has gone from the desk to at least.

The instructions for disabling Spybot were the same out of date ones as before.

Eset worked OK after I made a small change to Spybot. Settings/Live protection and Un-tick "Scan problems before they start"

In the 7.5 hours since Eset finished and I put the system to sleep it lost only 0.1 Gb of space. Compared to previously that was better.

When I returned to the computer just now it was still in sleep mode, a pleasant surprise.

I will monitor the loss of space over today and let you know.

Eset scan report attached.


Regards

Peter

Hi Juliet

In the further 7 hours since the last message the free space has shrunk by another 0.10 Gb but the computer stayed in sleep until I woke it.

Whatever this thing is, it is able to wake the computer from sleep and is able to operate without Task Manager showing activity. When I do a "Clean Up" the longest pause is whilst it looks at Windows system memory dump files.

Not many of my programs would be able to "wake" my computer. If there was a common routine to do that maybe I could search for it to see if I had a bad copy somewhere. Obviously I am plucking at straws.

I was about ready to format the lot and go buy Win 10. My mate got a freebie copy of it from MS and he now says to wait for a month or two especially as I don't have a touchscreen computer.

Thanks for trying.

Regards

Peter

Considering the age of the computer we may not be able to find what the problem is.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CreateRestorePoint:
CloseProcesses:
C:\Windows\FixCamera.exe
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/XrDFflh.png CKScanner

Please download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) and save the file to your Desktop.
Right-Click CKScanner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Please run this programme only once.
A log (CKFiles.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.

OK Juliett

I have done that and 2 files attached.

Thanks

Peter

By chance, any improvements?

Thanks Juliet

In the 9.5 hours since FixCamera.exe was removed no space has been lost.:eek::eek::eek::eek:

I will check again this evening (Its 8.30 am here.)

Thank you (Many times)

Regards

Peter

Thanks Juliet

In the 9.5 hours since FixCamera.exe was removed no space has been lost.

I will check again this evening (Its 8.30 am here.)

Peter

Would be nice if that was it!

report back once more and let me know how it goes.

Alas 0.3 Gb has disappeared in the last 7 hours while in sleep mode.

Weep

Regards

Peter

Another 5 hours on and the computer spent that time awake but idle on screensaver.

My free space has shrunk by 8.40 Gb in those 5 hours.

I wish I had a log of that supposedly idle time, to see what was not idle.

Regards

Peter

Also please download Windows Repair (all in one) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/step-4-tab.jpg
Install the program then go to step 4 and create a new system restore point and new registry backup.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
http://i1.ifrm.com/228/109/upload/p22001645.gif



NEXT
On the the Start Repairs tab => Click the Start
http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/start-repairs-tab.jpg


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
http://i1.ifrm.com/228/109/upload/p22001647.gif

Click on box next to the Restart System when Finished. Then click on Start.

Hi Juliet
I have run Window Repair twice as per their recommendation.

It has changed since your instructions for it by a couple of versions at least.

I have only had control back for a while and the first thing I tried to do was Create a restore point and do a disc clean-up. The system would not do either of these actions. The disc clean-up just hangs and I have to use Task Manager to close it.

I have lost another 11.5 Gb since booting up this morning and have only 12.8 Gb left.

I have to confess that I thought you were referring to the "Pro" edition so I bought it and discovered that it is only a bit different to the Free edition. The "Pro" edition has a number of extra repair options which I unchecked beforehand. I did however tick the two "Pro" features:-
1 Run Custom Scripts After repairs.
2 Apply System tweaks after repairs.
I don't know if this was a mistake.

Another feature of the "Pro" edition is an improved Disc Clean Up function

Just what I need but it does not work and I suspect it is causing the original windows item to malfunction.

I have not regained the Print Screen function.

Enough for today. I will try again tomorrow.

I will send a copy of this message to Tweaking.com (Key No. 3466019221)

Regards

Peter

My opinion is we're not dealing with malware but rather a full system.
Not sure that makes sense and, I may not have described that correctly but, we're about at the end of what we can do for searching for malware.

https://support.microsoft.com/en-us/kb/2598438
Please read over the above article that might shed some light and give a couple of options to free up space.


~~~~~
If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/306529-emergency-backup-procedure.html)

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

Hi Juliet

I can't see how it could be a full system when I could easily cleanup 35 Gb of free space. Losing about 10 Gb of that space a day tells me it is a resident problem.

I have not heard back from Shane at Tweaking.com as he has weekends off.

In the meantime I will have to mostly leave the computer shutdown.

Regards

Peter

Did you run the last scan?

You could be very right. It could very well be a resident tool or software that causes this but, which one, I haven't found.

Hi Juliet

I was waiting for a reply from Tweaking.com forum but no help so far.

Attached are several logs and in ComboFix the log refers to drivers "SWISSARMY" AND "MPKSL4511C4C3".

I put those through FRST with the following result MBAMSWISSARMY => Error: No automatic fix found for this entry.
MPKSL4511C4C3 => Error: No automatic fix found for this entry.

Not sure if that is good or not (Swiss Army looked suspicious to me.).

I am desperate to get back the abilities to create a restore point and do a Disc Clean-up. I have only 11.80 Gb of free space left. I can't work around the original problem if I can't get these two back.

Regards

Peter

Attached are several logs and in ComboFix the log refers to drivers "SWISSARMY" AND "MPKSL4511C4C3".

I put those through FRST with the following result MBAMSWISSARMY => Error: No automatic fix found for this entry.
MPKSL4511C4C3 => Error: No automatic fix found for this entry.

Not sure if that is good or not (Swiss Army looked suspicious to me.).


MBAMSwissArmy.sys
is a normal and legitimate file for MBAM (Malwarebytes' Anti-Malware)

c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{651A3338-2AC0-432D-A9B8-9E036FACC3F4}\MpKsl4511c4c3.sys
Is a legit folder related to Microsoft Security Essentials
You do not want to delete those folders/files.


AVS Registry Cleaner is registry cleaner/fixer utility whose purported purpose is to remove redundant items from the Windows registry.
RiskWare 61% remove it

Please take a moment to read about the dangers of using registry cleaners.
We DO NOT recommend the use of registry cleaners/optimizers for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry (http://en.wikipedia.org/wiki/Windows_Registry) is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry (http://www.techsupportalert.com/pdf/e1209.pdf).
Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Ed Bott's Webog: Why I don't use registry cleaners (http://www.edbott.com/weblog/?p=643)
Do I need a Registry Cleaner? (http://www.whatthetech.com/2007/11/25/do-i-need-a-registry-cleaner/)


For this reason I recommend you uninstall AVS Registry Cleaner.


FixCamera.exe is also found in your start up folder.
MSConfigStartUp-FixCamera - c:\windows\FixCamera.exe

Did you follow these instructions to use Disk clean up?
http://windows.microsoft.com/en-us/windows/delete-files-using-disk-cleanup#delete-files-using-disk-cleanup=windows-vista

2 Hours ago I had only 11.8 Gb of free space. I then did 2 things.

Attempted to run FRST to again get rid of FixCamera.exe but it stalled on trying to create a restore point.
Ran the basic Disc Cleanup routine (The primary option which does not require a restore point).

A while later I went back to "Computer" and saw the magic change to available space. Incidentally I was trying to download a picture of my Disc Cleanup "More Options" page from my camera when I went to "Computer" as my camera was not logging in. My version of Windows/Disc Cleanup refers specifically to certain versions of Vista holding backup information from earlier restore points. I have been creating a new restore point and clearing all the stuff before it. It has worked like a charm until Windows Repair changed it.

Your comments about AVS Registry cleaner are noted and I will uninstall it. But I have been using it for a couple of years without problems. It is currently unusable anyway as it needs to create a Restore Point first up.

From my position running Windows repair has caused more problems immediately than anything else.

On message 14 I sent you the Fixlog showing FRST had removed FixCamera.exe.

If the ComboFix log did not show anything "bad" I guess we have explored all avenues.

Thanks for doing your best.

Regards

Peter

I'm sorry, I read the log wrong. ComboFix did take it out.

- - ORPHANS REMOVED - -
MSConfigStartUp-FixCamera - c:\windows\FixCamera.exe

~~~~~~~~~~~~~`
For restore points.
It's possible Windows Repair changed or reset settings back to default.

Type services.msc in the start search box. Click on the 'gear' icon.

Once the window has opened up, scroll down to
Volume Shadow Copy service

Is it set to automatic? If it isn't, then set it, reboot and see if you can make a new restore point.

~~~
Try the above and let me know how that works out.

Yes I did that and changed it from Manuel to Auto.
But when I click on System/System Protection, it cannot find the last Restore Point and the Button to create a Restore Pointed is "Faded".

Regards

Peter

Peter

From here I need to ask you to register at this forum for tech support
http://forums.whatthetech.com/index.php?showforum=119

Members here work on these types of issues and are highly regarded tech experts.

I don't think the problems now are malware but rather hardware or operating system error that I have no expertise in.

We need to remove tools and quarantine folders.

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Remove disinfection tools
Reset system settings


Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Hi Juliet
My mate had the computer overnight and reports that there are damaged clusters on my hard drive and that is causing the system to try to backup.
Mystery is why chkdsk did not report that.
In view of the computer's age I intend to get a new one.
Thanks once again.
Regards
Peter

I feel bad I wasn't able to identify the problem early on.

I think that if it had been malware/viral related we could had solved it.

Let's remove tools and quarantine folders.

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools

Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.