
Thread: Ok I give up, require some help.

  1. #1
    Member
    Join Date
    May 2007
    Posts
    38


    Our 12-year-old has been clicking on random links via his friends on Facebook and has downloaded all these Facebook games.

    It's come to the point where the laptop is now becoming unresponsive.

    Sometimes the internet browser or applications just disappear from the screen when my wife and I are on the laptop.

    Windows updates won't install MS Office updates and return errors.

    I have Avast & ZoneAlarm installed and nothing untoward has appeared on the virus check logs. However, the system takes ages to start up and also to shut down. It has come to the point where 4 GB of data is being removed every night by Windows clean-up and I am having to defrag the hard drive every night.

    It has come to the point where I have reset the router and renewed the IP address, and even contacted our telco provider to check the line; I even had a new filter installed on the line.

    Any help or advice would be gratefully received.

    Lee

    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
    Run by Lee James at 21:34:32 on 2012-11-17
    #Option Extended Search is enabled.
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1013.52 [GMT 0:00]
    .
    AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Opera\opera.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
    mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
    mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
    mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
    mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
    mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
    mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
    mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\users\leejam~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{191A215B-673E-4A78-85ED-C3690F8F514C} : DHCPNameServer = 192.168.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-30 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-30 361032]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2012-5-15 11352]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-26 7168]
    .
    =============== File Associations ===============
    .
    FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 60 ================
    .
    2012-11-14 23:50:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
    2012-11-14 23:50:55 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 23:50:10 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b9586fd6-0b73-485b-bf35-d18e47e06a89}\mpengine.dll
    2012-11-14 23:38:04 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-14 23:35:13 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-11-13 21:17:28 -------- d-----w- c:\users\lee james\appdata\roaming\OpenOffice.org
    2012-11-13 21:06:30 -------- d-----w- c:\program files\OpenOffice.org 3
    2012-11-06 20:16:46 -------- d-----w- c:\users\lee james\appdata\local\RawTherapee3.0.1
    2012-11-06 20:14:48 -------- d-----w- c:\program files\RawTherapee3.0.1
    2012-11-04 21:51:00 -------- d-----w- c:\users\lee james\appdata\roaming\Thinstall
    2012-11-04 21:50:58 -------- d-----w- c:\users\lee james\appdata\local\Thinstall
    2012-11-04 21:49:26 -------- d-----w- C:\Lightroom22
    2012-11-02 20:11:10 -------- d-----w- c:\users\lee james\appdata\local\Windows Live
    2012-11-02 20:11:10 -------- d-----w- c:\program files\common files\Windows Live
    2012-11-02 20:09:57 754688 ----a-w- c:\windows\system32\webservices.dll
    2012-10-30 22:33:39 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:33:35 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:31:02 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-30 22:29:53 -------- d-----w- c:\programdata\AVAST Software
    2012-10-30 22:29:53 -------- d-----w- c:\program files\AVAST Software
    2012-10-28 21:09:08 -------- d-----w- C:\Test
    2012-10-13 20:31:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-10-13 20:31:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-10-11 21:40:59 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-11 21:40:35 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-10-11 21:40:23 985088 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-11 21:40:23 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-11 21:40:22 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-11 21:33:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-10-11 21:33:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-09-30 21:15:57 -------- d-----w- c:\users\lee james\appdata\roaming\GlarySoft
    2012-09-30 21:08:06 -------- d-----w- c:\program files\Glarysoft
    2012-09-30 20:58:57 -------- d-----w- c:\program files\Glary Utilities
    2012-09-27 22:25:38 -------- d-----w- c:\program files\ESET
    2012-09-26 21:48:41 -------- d-----w- c:\users\lee james\appdata\local\Apps
    2012-09-21 21:13:39 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find6M ====================
    .
    2012-11-10 22:50:25 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-10 22:50:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-21 21:13:08 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-21 21:13:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-25 08:58:47 74703 ----a-w- c:\windows\system32\mfc45.dll
    2012-06-25 15:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
    2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-05-31 12:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 21:43:09.49 ===============

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-18 22:58:08
    -----------------------------
    22:58:08.473 OS Version: Windows 6.0.6002 Service Pack 2
    22:58:08.473 Number of processors: 2 586 0xF0D
    22:58:08.476 ComputerName: --SPARE-- UserName: Lee James
    22:58:15.763 Initialize success
    23:01:03.469 AVAST engine defs: 12101802
    23:02:29.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    23:02:29.510 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3
    23:02:29.573 Disk 0 MBR read successfully
    23:02:29.579 Disk 0 MBR scan
    23:02:29.847 Disk 0 Windows VISTA default MBR code
    23:02:29.885 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    23:02:29.940 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76000 MB offset 3074048
    23:02:30.131 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 75125 MB offset 158722048
    23:02:30.260 Disk 0 scanning sectors +312578048
    23:02:30.504 Disk 0 scanning C:\Windows\system32\drivers
    23:03:33.395 Service scanning
    23:07:15.142 Modules scanning
    23:09:04.123 Disk 0 trace - called modules:
    23:09:04.451 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    23:09:04.451 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e0ac8]
    23:09:04.467 3 CLASSPNP.SYS[86f1a8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x852d1028]
    23:09:19.162 AVAST engine scan C:\
    02:45:52.558 Scan finished successfully
    04:49:43.961 Disk 0 MBR has been saved successfully to "C:\Users\Lee James\Desktop\MBR.dat"
    04:49:44.211 The log file has been saved successfully to "C:\Users\Lee James\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-17 22:17:40
    -----------------------------
    22:17:40.489 OS Version: Windows 6.0.6002 Service Pack 2
    22:17:40.489 Number of processors: 2 586 0xF0D
    22:17:40.505 ComputerName: --SPARE-- UserName: Lee James
    22:19:05.447 Initialize success
    22:19:17.662 AVAST engine defs: 12111700
    22:19:20.969 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    22:19:20.969 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3
    22:19:21.047 Disk 0 MBR read successfully
    22:19:21.047 Disk 0 MBR scan
    22:19:21.062 Disk 0 Windows VISTA default MBR code
    22:19:21.109 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    22:19:21.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76000 MB offset 3074048
    22:19:21.281 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 75125 MB offset 158722048
    22:19:21.312 Disk 0 scanning sectors +312578048
    22:19:22.264 Disk 0 scanning C:\Windows\system32\drivers
    22:20:13.229 Service scanning
    22:21:01.932 Modules scanning
    22:21:40.714 Disk 0 trace - called modules:
    22:21:40.807 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    22:21:40.854 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8692eac8]
    22:21:40.870 3 CLASSPNP.SYS[873138b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x856e6028]
    22:21:43.288 AVAST engine scan C:\Windows
    22:21:59.311 AVAST engine scan C:\Windows\system32
    22:28:34.506 AVAST engine scan C:\Windows\system32\drivers
    22:29:18.626 AVAST engine scan C:\Users\Lee James
    22:44:08.648 AVAST engine scan C:\ProgramData
    22:52:51.425 Scan finished successfully
    22:54:11.524 Disk 0 MBR has been saved successfully to "C:\Users\Lee James\Desktop\MBR.dat"
    22:54:11.587 The log file has been saved successfully to "C:\Users\Lee James\Desktop\aswMBR.txt"
    Last edited by tashi; 2012-11-18 at 00:55. Reason: Copy pasted 2 logs into topic

  2. #2
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello leejames75 and

    My name is JonTom

    • Malware Logs can sometimes take a lot of time to research and interpret.
    • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
    • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
    • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
    • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.



    Let's begin with the following:


    1. Security Programs


      • I can see from your log that you have a number of real-time security programs running, namely ZoneAlarm Antivirus and avast! Antivirus.
      • Whilst both of these programs provide good security, they may clash with each other, which can leave your system vulnerable to infection. Having multiple real-time applications running at the same time will cause system slowness and reduced performance.
      • You are advised to remove one of these programs.
      • To do this:
      • Click on "Windows Orb" then on "Computer" and then on the "Uninstall or change a program" tab.
      • A list of currently installed programs will be displayed.
      • Find the program you want to uninstall, click on it once and then click on the "uninstall" button.
      • If you are prompted to re-boot your computer to complete the uninstall please do so.
      • Please make sure that you only have ONE Firewall and ONE real-time Antivirus running on your system.


      Once you have uninstalled one of the real-time antivirus programs, please re-scan with DDS and aswMBR and post the logs for me to review and we'll take things from there.
    Proud Graduate of the WTT Classroom
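
The check described in the reply above (one real-time antivirus, one firewall), as an added example that is not part of the original thread and not code from DDS: a Python sketch that parses the `AV:`/`SP:`/`FW:` header lines of a DDS log and reports categories with more than one enabled product. The function and class names are hypothetical; the sample lines are copied from the two DDS logs posted in this thread.

```python
import re
from typing import Dict, List, NamedTuple, Optional


class Product(NamedTuple):
    category: str            # "AV", "SP" or "FW" as printed by DDS
    name: str
    enabled: bool
    updated: Optional[bool]  # None when the line has no update state (FW lines)
    guid: str


# Header lines copied from the first DDS log in this thread (2012-11-17).
LOG_BEFORE = """
    AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    .
    ============== Running Processes ================
"""

# Header lines copied from the second DDS log in this thread (2012-11-25).
LOG_AFTER = """
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
"""

# category, product name, *State* or *State/UpdateState*, {GUID}
LINE_RE = re.compile(
    r"^\s*(AV|SP|FW):\s+(.+?)\s+\*(\w+)(?:/(\w+))?\*\s+(\{[0-9A-Fa-f-]{36}\})\s*$"
)


def parse_security_products(log_text: str) -> List[Product]:
    """Return the security products listed in a DDS header, in log order."""
    products: List[Product] = []
    seen = set()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # process lists, section rulers and "." separators
        category, name, state, update, guid = match.groups()
        key = (category, guid.upper())
        if key in seen:
            continue  # same registration pasted twice
        seen.add(key)
        updated = None if update is None else update == "Updated"
        products.append(Product(category, name, state == "Enabled", updated, guid))
    return products


def find_conflicts(products: List[Product],
                   single_instance=("AV", "FW")) -> Dict[str, List[str]]:
    """Map each single-instance category to its enabled products when there
    is more than one. SP is not checked: the same product (avast! here) often
    registers under both AV and SP, which is not a clash."""
    conflicts: Dict[str, List[str]] = {}
    for category in single_instance:
        active = [p.name for p in products
                  if p.category == category and p.enabled]
        if len(active) > 1:
            conflicts[category] = active
    return conflicts


if __name__ == "__main__":
    for label, text in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        found = find_conflicts(parse_security_products(text))
        print(label, found if found else "no overlapping real-time products")
```

The second log has no `FW:` line at all, so this check cannot confirm from the header alone that Windows Firewall is active.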

  3. #3
    Member
    Join Date
    May 2007
    Posts
    38


    Hello JonTom.

    Many thanks for taking the time to help me.

    I have uninstalled ZoneAlarm AV and Firewall and am now using Windows Firewall, and now just have Avast as my AV. I will be asking a few questions at the end regarding Firewall and AV.

    Please find enclosed my new logs.

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
    Run by Lee James at 22:25:13 on 2012-11-25
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1013.255 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Opera\opera.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
    mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
    mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
    mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
    mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
    mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Desktop SMS] c:\program files\idm\desktop sms\DesktopSMS.exe /auto
    StartupFolder: c:\users\leejam~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{191A215B-673E-4A78-85ED-C3690F8F514C} : DHCPNameServer = 192.168.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-30 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-30 361032]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2011-1-10 25896]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-30 44808]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-21 21504]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-26 7168]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-26 30192]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== File Associations ===============
    .
    FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2012-11-24 08:40:01 -------- d-----w- c:\program files\MyDefrag v4.3.1
    2012-11-23 08:51:41 -------- d-----w- c:\users\lee james\appdata\local\SlimWare Utilities Inc
    2012-11-23 08:50:36 -------- d-----w- c:\program files\SlimCleaner
    2012-11-22 20:51:06 -------- d-----w- c:\users\lee james\appdata\roaming\QuickScan
    2012-11-17 23:15:24 -------- d-----w- c:\programdata\PCPitstop
    2012-11-14 23:50:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
    2012-11-14 23:50:55 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 23:38:04 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-14 23:35:13 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-11-13 21:17:28 -------- d-----w- c:\users\lee james\appdata\roaming\OpenOffice.org
    2012-11-13 21:06:30 -------- d-----w- c:\program files\OpenOffice.org 3
    2012-11-06 20:16:46 -------- d-----w- c:\users\lee james\appdata\local\RawTherapee3.0.1
    2012-11-06 20:14:48 -------- d-----w- c:\program files\RawTherapee3.0.1
    2012-11-04 21:49:26 -------- d-----w- C:\Lightroom22
    2012-11-02 20:11:10 -------- d-----w- c:\users\lee james\appdata\local\Windows Live
    2012-11-02 20:11:10 -------- d-----w- c:\program files\common files\Windows Live
    2012-11-02 20:09:57 754688 ----a-w- c:\windows\system32\webservices.dll
    2012-10-30 22:33:39 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:33:35 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:31:02 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-30 22:29:53 -------- d-----w- c:\programdata\AVAST Software
    2012-10-30 22:29:53 -------- d-----w- c:\program files\AVAST Software
    2012-10-28 21:09:08 -------- d-----w- C:\Test
    .
    ==================== Find3M ====================
    .
    2012-11-10 22:50:25 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-10 22:50:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-21 21:13:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-21 21:13:08 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-21 21:13:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    ============= FINISH: 22:26:53.79 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/01/2011 22:30:08
    System Uptime: 25/11/2012 21:54:34 (1 hours ago)
    .
    Motherboard: Intel Corp. | | Base Board Product Name
    Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | CPU | 800/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 15.269 GiB free.
    E: is FIXED (NTFS) - 73 GiB total, 68.188 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP636: 24/11/2012 23:14:44 - Scheduled Checkpoint
    RP638: 25/11/2012 20:26:53 - Revo Uninstaller's restore point - Samsung Kies
    RP639: 25/11/2012 20:33:23 - Removed Samsung Kies
    RP641: 25/11/2012 21:29:13 - Revo Uninstaller's restore point - Samsung Kies
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.21
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    avast! Free Antivirus
    BleachBit
    Camera Assistant Software for Toshiba
    CCleaner
    CD/DVD Drive Acoustic Silencer
    CleanUp!
    Compatibility Pack for the 2007 Office system
    CutePDF Writer 2.8
    Defraggler
    Desktop SMS
    DivX Setup
    DVD MovieFactory for TOSHIBA
    EOS 20D WIA Driver
    FileZilla Client 3.5.1
    Google Desktop
    Google Earth
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    IrfanView (remove only)
    Java 7 Update 7
    Java Auto Updater
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2003 Web Components
    Microsoft Office File Validation Add-In
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft XML Parser
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MyDefrag v4.3.1
    myphotobook 3.5
    NetWaiting
    OpenOffice.org 3.4.1
    Opera 12.11
    Picasa 3
    QuickTime
    RawTherapee 3.0.1
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    REALTEK RTL8187B Wireless LAN Driver
    Realtek USB 2.0 Card Reader
    Realtek WiFi Protected Setup Library
    Recuva
    Revo Uninstaller 1.94
    SAMSUNG USB Driver for Mobile Phones
    Secunia PSI (3.0.0.3001)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Windows Media Encoder (KB2447961)
    Serif WebPlus Starter Edition 3.0
    Skype™ 5.10
    SlimCleaner
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA Manuals
    Toshiba Online Product Information
    TOSHIBA Recovery Disc Creator
    TOSHIBA Supervisor Password
    Toshiba TEMPRO
    TOSHIBA Value Added Package
    TRDCReminder
    TRORDCLauncher
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.6195
    Windows Media Encoder 9 Series
    ZoneAlarm LTD Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    25/11/2012 21:55:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    25/11/2012 21:17:29, Error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).
    25/11/2012 19:51:48, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
    25/11/2012 19:51:48, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    25/11/2012 19:51:46, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    25/11/2012 19:47:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
    25/11/2012 19:21:25, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    25/11/2012 19:19:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    25/11/2012 19:19:19, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    25/11/2012 09:40:58, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    25/11/2012 09:35:58, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    24/11/2012 17:44:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Notebook Performance Tuning Service (TEMPRO) service to connect.
    24/11/2012 16:57:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    24/11/2012 10:17:49, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    24/11/2012 09:49:02, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 09:48:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AswRdr aswSnx aswSP aswTdi DfsC kl2 KLIF NetBIOS netbt nsiproxy PSched RasAcd rdbss RtlProt SBRE Smb spldr tdx Vsdatant Wanarpv6 ws2ifsl
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    24/11/2012 09:48:57, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    24/11/2012 09:48:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    24/11/2012 09:48:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    24/11/2012 09:48:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    24/11/2012 09:48:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    24/11/2012 09:48:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    24/11/2012 09:48:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    24/11/2012 09:48:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    23/11/2012 08:47:26, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
    23/11/2012 08:38:17, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.
    22/11/2012 13:09:45, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    22/11/2012 12:22:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    22/11/2012 08:18:35, Error: EventLog [6008] - The previous system shutdown at 08:17:09 on 22/11/2012 was unexpected.
    20/11/2012 14:22:19, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    20/11/2012 09:53:29, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    19/11/2012 09:52:46, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    19/11/2012 09:52:45, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    19/11/2012 09:52:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    19/11/2012 09:47:25, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
    19/11/2012 09:47:24, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
    .
    ==== End Of File ===========================

  4. #4
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Hello leejames75

    Come to the point where 4gb of data is being removed every night from windows clean up and I am having to defrag the harddrive every night
    What exactly is it that is being removed? As for the defrag, there is no need to run one every night.


    There is nothing jumping out at me from the logs you have posted which leads me to believe (at this time) that the problem may very well be related to the amount of RAM you have installed.

    This machine has just over 1GB of RAM in total. With two real-time antivirus programs running you had almost used up all of the machine's available RAM.

    By uninstalling Zonealarm we have recovered 0.25GB of RAM to draw upon but this is still quite low. As soon as you run anything that requires some serious system power your machine will most likely struggle.


    Having said that, let's continue by running some additional scans in case anything has been missed:


    1. Junkware Removal Tool


      • Please download Junkware Removal Tool to your desktop.
      • Shut down your antivirus to avoid any conflicts.
      • Right-mouse click JRT.exe and select Run as administrator
      • The tool will open and start scanning your system.
      • Please be patient as this can take a while to complete.
      • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
      • Post the contents of JRT.txt into your next message


      Please post the JRT log in your next reply.
    Proud Graduate of the WTT Classroom

  5. #5
    Member
    Join Date
    May 2007
    Posts
    38

    Hi JonTom.

    Yes, CleanUp (StevenGould) can sometimes recover 10Gb each evening.

    As stated, our 12 year old is a bit of a Facebook fanatic, and after he finishes, that is when the laptop is so unresponsive.

    He has admitted downloading apps and games to the computer via Facebook.
    However he won't allow me nor his mum to vet his account to find out what apps he has linked with his account.

    He uses YouTube a lot to watch films and has been typing in the links to watch the films that appear on the teaser footage of these films.

    Zonealarm would be working overtime and the amount of intrusion blocks that would be reported was worrying.

    Hence at the moment, he is not allowed to use the laptop.

    The last straw is when I wasn't able to install the MS Office updates via Windows Update, and finding that the disk was not in its place as he lent it to a school friend, and has not got it back.

    So therefore unable to do a fresh reinstall of Office.

    When I do have to shut down the laptop, because it becomes unresponsive and explorer freezes, the popup appears asking to wait, restart or close explorer.

    The laptop takes ages to shut down, and when it boots up, it takes ages to start up. I know the laptop is getting long in the tooth, but feel that although software wise nothing has changed installation wise since purchasing it and installing photo editing software and applying the updates as and when required. I feel that the excessive internet browsing our son is doing is causing the laptop to creak, as the HDD light is constantly on.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 3.5.4 (11.26.2012)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Lee James on 26/11/2012 at 19:23:32.28
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Lee James\appdata\locallow\boost_interprocess"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 26/11/2012 at 19:31:50.46
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Hello leejames75

    Not a great deal detected by the Junkware Removal Tool.

    Let's see what the following can tell us:


    1. Combofix




      • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop


      • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
      • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.


      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




      • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




      • Click on Yes, to continue scanning for malware.
      • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
      • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
      • Should there be issues with internet afterward:

        In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

        In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.


      Please post the Combofix log in your next reply.
    Proud Graduate of the WTT Classroom

  7. #7
    Member
    Join Date
    May 2007
    Posts
    38

    Here is the combofix log.

    Interesting to see that Zonealarm/Checkpoint and PCPitstop are not fully removed, and McAfee (Original pre install - but used McAfee removal tool when expired) is still referenced.

    ComboFix 12-11-27.01 - Lee James 27/11/2012 20:56:33.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1013.352 [GMT 0:00]
    Running from: c:\users\Lee James\Desktop\LJ.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Lee James\AppData\Local\Temp\ppcrlui_2836_2
    c:\users\LEEJAM~1\AppData\Local\Temp\ppcrlui_2836_2
    c:\windows\system32\pt
    c:\windows\system32\pt\toscdspd.cpl.mui
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-27 21:12 . 2012-11-27 21:12 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-11-27 21:12 . 2012-11-27 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-27 20:39 . 2012-11-19 01:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20D767EE-B8AC-4F67-AC03-9E620BCD18CF}\mpengine.dll
    2012-11-26 22:40 . 2012-11-26 22:45 -------- d-----w- c:\windows\system32\catroot2
    2012-11-26 22:19 . 2008-05-08 06:03 303616 ----a-w- C:\SetACL.exe
    2012-11-26 21:52 . 2012-11-26 22:31 181064 ----a-w- c:\windows\PSEXESVC.EXE
    2012-11-26 21:52 . 2004-06-12 00:33 290304 ----a-w- C:\subinacl.exe
    2012-11-26 21:24 . 2012-11-26 21:24 -------- d-----w- C:\RegBackup
    2012-11-26 21:19 . 2012-11-26 22:31 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
    2012-11-26 21:18 . 2012-11-26 21:18 -------- d-----w- c:\program files\Tweaking.com
    2012-11-26 19:22 . 2012-11-26 19:22 -------- d-----w- c:\windows\ERUNT
    2012-11-26 19:21 . 2012-11-26 19:21 -------- d-----w- C:\JRT
    2012-11-25 23:16 . 2012-11-25 23:16 -------- d-----w- c:\program files\CheckPoint
    2012-11-24 08:40 . 2012-11-24 16:10 -------- d-----w- c:\program files\MyDefrag v4.3.1
    2012-11-23 08:51 . 2012-11-23 08:51 -------- d-----w- c:\users\Lee James\AppData\Local\SlimWare Utilities Inc
    2012-11-23 08:50 . 2012-11-23 23:43 -------- d-----w- c:\program files\SlimCleaner
    2012-11-23 00:00 . 2012-11-23 00:00 -------- d-----w- c:\program files\7-Zip
    2012-11-22 20:51 . 2012-11-22 20:51 -------- d-----w- c:\users\Lee James\AppData\Roaming\QuickScan
    2012-11-17 23:15 . 2012-11-18 09:10 -------- d-----w- c:\programdata\PCPitstop
    2012-11-14 23:50 . 2012-10-08 07:50 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2012-11-14 23:50 . 2012-10-08 07:47 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 23:38 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-14 23:35 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-11-13 21:17 . 2012-11-13 21:17 -------- d-----w- c:\users\Lee James\AppData\Roaming\OpenOffice.org
    2012-11-13 21:06 . 2012-11-13 21:06 -------- d-----w- c:\program files\OpenOffice.org 3
    2012-11-06 20:27 . 2012-11-06 20:27 -------- d-----w- c:\users\Lee James\AppData\Roaming\gtk-2.0
    2012-11-06 20:16 . 2012-11-06 20:20 -------- d-----w- c:\users\Lee James\AppData\Local\RawTherapee3.0.1
    2012-11-06 20:14 . 2012-11-06 20:15 -------- d-----w- c:\program files\RawTherapee3.0.1
    2012-11-04 21:49 . 2012-11-04 21:49 -------- d-----w- C:\Lightroom22
    2012-11-02 20:11 . 2012-11-02 20:11 -------- d-----w- c:\users\Lee James\AppData\Local\Windows Live
    2012-11-02 20:11 . 2012-11-02 20:11 -------- d-----w- c:\program files\Common Files\Windows Live
    2012-11-02 20:09 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2012-10-30 22:34 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-30 22:34 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 22:33 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-10-30 22:33 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 22:33 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:33 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:31 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-30 22:30 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-10-30 22:29 . 2012-10-30 22:29 -------- d-----w- c:\programdata\AVAST Software
    2012-10-30 22:29 . 2012-10-30 22:29 -------- d-----w- c:\program files\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-10 22:50 . 2012-06-02 11:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-10 22:50 . 2011-08-29 10:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-29 18:54 . 2012-06-11 00:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-21 21:13 . 2012-09-21 21:13 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-21 21:13 . 2012-07-11 19:26 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-21 21:13 . 2011-01-11 02:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-13 13:28 . 2012-10-11 21:40 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
    "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-08-27 1050072]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]
    .
    c:\users\Lee James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 22:50]
    .
    2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 21:58]
    .
    2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 21:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-ZoneAlarm Installer - c:\program files\CheckPoint\Install\Launcher.exe
    MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
    AddRemove-ZoneAlarm Security - c:\program files\CheckPoint\Install\Install.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2737019 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-27 21:13
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-11-27 21:19:25
    ComboFix-quarantined-files.txt 2012-11-27 21:19
    .
    Pre-Run: 46,012,309,504 bytes free
    Post-Run: 45,870,469,120 bytes free
    .
    - - End Of File - - E9E1F4B99D6323594F9A9352976B3F3A

  8. #8
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Hello leejames75

    Why did you re-name combofix?

    Interesting to see that Zonealarm/Checkpoint and PCPitstop are not fully removed.
    Many uninstall routines do not completely remove the installed program. More often than not there are remnants of the program left behind. While they cause no harm in themselves, a utility such as Revo Uninstaller can be used to remove these leftovers.

    Let's continue:


    1. CKScanner


      • Download CKScanner by askey127 from here and save it to your Desktop.
      • Right click CKScanner.exe and select "Run as Administrator", then click on Search For Files.
      • When the cursor hourglass disappears, click Save List To File.
      • A message box will verify the file saved.
      • Double click the CKFiles.txt icon on your desktop, then copy/paste the contents in your next reply.


    2. MalwareBytes AntiMalware:


      • I can see that you have MBAM installed.
      • Double click on your MalwareBytes AntiMalware icon to launch the program.
      • Click on the "Update" tab and then on "Check for Updates".
      • The program will now install the latest Malware definition files.
      • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
      • Once the program has scanned your computer, a log file will be created in Notepad.
      • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.



      • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
      • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
      • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
      • Come back here to this thread and Paste the log in your next reply.


    3. Please run the following scan


      • Note: You will need to use Internet Explorer for this scan.
      • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
      • Please disable your real time security programs before performing the scan.



      • Scan your system with Eset Online Scanner
      • Place a check mark in the box YES, I accept the Terms Of Use.
      • Click the button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.



      • Check
      • Click the button.
      • Accept any security warnings from your browser.
      • Check
      • Make sure that the option to "Remove Found Threats" is UNchecked.
      • Push the "Start" button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push
      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Push the button.
      • Push


      Please post the CKScanner log, the MBAM log and the ESET log in your next reply.
    Proud Graduate of the WTT Classroom

  9. #9
    Member
    Join Date
    May 2007
    Posts
    38

    Used Revo to remove remainder of Zonealarm and PCPitstop but these were not listed.

    Here is the CKscanner log.

    CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
    c:\users\lee james\appdata\local\roblox\versions\version-7b3d65c79aa445d1\content\textures\vol_ice_cracked2.dds
    scanner sequence 3.AP.11.TNNAJP
    ----- EOF -----

    Here is the MBAM log.

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.28.09

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Lee James :: --SPARE-- [administrator]

    28/11/2012 21:57:36
    mbam-log-2012-11-28 (21-57-36).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200161
    Time elapsed: 21 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  10. #10
    Member
    Join Date
    May 2007
    Posts
    38

    Eset log will be posted later:
