Author Topic: Computer runs slow randomly  (Read 28708 times)

1two3

    Computer runs slow randomly
    « on: July 11, 2012, 03:36:53 PM »
    Been fine for a few months, haven't had any viruses. Avast is working well for me. However, every now and then, my computer slows right down, whatever I'm doing. Exploring files, using Firefox, playing games (to put it into context I fall from 40fps down to 6fps). This has only started happening recently.

    I'm unsure if I've got a virus or not. I don't think I do but it's there in the back of my mind to check. If I posted a HJT log (or whatever is preferred) would someone check it for me?

    Allan

    • Moderator

    Re: Computer runs slow randomly
    « Reply #1 on: July 11, 2012, 03:44:43 PM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    1two3

      Re: Computer runs slow randomly
      « Reply #2 on: July 31, 2012, 05:45:38 AM »
      Right, sorry for the long delay, been very busy.

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 07/31/2012 at 12:41 PM

      Application Version : 5.5.1012

      Core Rules Database Version : 5340
      Trace Rules Database Version: 3152

      Scan type       : Complete Scan
      Total Scan Time : 01:40:18

      Operating System Information
      Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Administrator

      Memory items scanned      : 776
      Memory threats detected   : 0
      Registry items scanned    : 37287
      Registry threats detected : 1
      File items scanned        : 188614
      File threats detected     : 3

      Malware.Trace
         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman

      Adware.Tracking Cookie
         C:\USERS\GUEST\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@google[3].txt [ Cookie:[email protected]/accounts/ ]

      Trojan.Agent/Gen-Krpytik
         C:\PROGRAM FILES\EA SPORTS\TIGER WOODS PGA TOUR 07\BIN\RLD-TW7K.EXE

      Trojan.Dropper/SVCHost-Fake
         C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE



      I notice that there is a trojan associated with Malwarebytes. Is it infected?

      1two3

        Re: Computer runs slow randomly
        « Reply #3 on: July 31, 2012, 09:32:18 AM »
        DDS:

        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft Windows 7 Ultimate
        Boot Device: \Device\HarddiskVolume1
        Install Date: 16/11/2009 16:20:18
        System Uptime: 31/07/2012 12:48:01 (4 hours ago)
        .
        Motherboard: Hewlett-Packard  |  | 30C6
        Processor: Genuine Intel(R) CPU           T2130  @ 1.86GHz | U1 | 1867/mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 105 GiB total, 17.297 GiB free.
        D: is FIXED (NTFS) - 7 GiB total, 2.294 GiB free.
        E: is CDROM (CDFS)
        F: is CDROM ()
        G: is CDROM ()
        H: is CDROM (CDFS)
        .
        ==== Disabled Device Manager Items =============
        .
        Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
        Description: adfs
        Device ID: ROOT\LEGACY_ADFS\0000
        Manufacturer:
        Name: adfs
        PNP Device ID: ROOT\LEGACY_ADFS\0000
        Service: adfs
        .
        Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
        Description: atksgt
        Device ID: ROOT\LEGACY_ATKSGT\0000
        Manufacturer:
        Name: atksgt
        PNP Device ID: ROOT\LEGACY_ATKSGT\0000
        Service: atksgt
        .
        ==== System Restore Points ===================
        .
        RP477: 30/07/2012 14:36:47 - Scheduled Checkpoint
        RP478: 31/07/2012 11:15:00 - Windows Update
        .
        ==== Installed Programs ======================
        .
         Update for Microsoft Office 2007 (KB2508958)
        Adobe AIR
        Adobe Color Video Profiles CS CS4
        Adobe Community Help
        Adobe Flash Player 11 ActiveX
        Adobe Flash Player 11 Plugin
        Adobe Media Player
        Adobe Photoshop CS5
        Adobe Reader 9.5.1
        Adobe Shockwave Player 11.6
        AdobeColorCommonSetRGB
        Akamai NetSession Interface
        Apple Application Support
        Apple Mobile Device Support
        Apple Software Update
        µTorrent
        Audacity 1.2.6
        Audacity 1.3.13 (Unicode)
        Aurora 16.0a2 (x86 en-GB)
        avast! Free Antivirus
        Bonjour
        Broadcom 802.11 Wireless LAN Adapter
        Camtasia Studio 7
        CCleaner
        Cheat Engine 5.6
        Cheat Engine 6.1
        Cheat Engine 6.2
        Civ II : Test Of Time
        Commando
        Conexant HD Audio
        D3DX10
        DAEMON Tools Lite
        EA SPORTS online 2007
        Empire Earth
        EPSON Printer Software
        ESET Online Scanner v3
        ESU for Microsoft Vista
        FileZilla Client 3.5.0
        FMRTE
        Fraps
        Freelancer
        Game Booster 3
        Google Chrome
        Google Updater
        Guild Wars
        HDAUDIO Soft Data Fax Modem with SmartCP
        Hewlett-Packard Active Check
        Hewlett-Packard Asset Agent
        HP Active Support Library
        HP Active Support Library 32 bit components
        HP Customer Experience Enhancements
        HP Doc Viewer
        HP DVD Play 3.2
        HP Easy Setup - Frontend
        HP Help and Support
        HP Photosmart Essential 2.0
        HP Photosmart Essential2.5
        HP Quick Launch Buttons
        HP Update
        HP User Guides 0079
        HP Wireless Assistant
        Intel(R) Graphics Media Accelerator Driver
        iTunes
        Java Auto Updater
        Java DB 10.5.3.0
        Java(TM) 6 Update 29
        Java(TM) 7 Update 3
        Java(TM) SE Development Kit 6 Update 18
        Java(TM) SE Development Kit 6 Update 23
        Java(TM) SE Development Kit 7 Update 3
        JavaFX 2.0.3
        JavaFX 2.0.3 SDK
        Junk Mail filter update
        Lame ACM MP3 Codec
        LAME v3.98.2 for Audacity
        League of Legends
        LG USB Modem driver
        LightScribe  1.4.136.1
        Live 8.2.2
        Logitech Eyetoy Webcam
        Macromedia Extension Manager
        Magic DVD Ripper V5.4.2
        Malwarebytes Anti-Malware version 1.62.0.1300
        Microsoft .NET Framework 4 Client Profile
        Microsoft Age of Empires
        Microsoft Application Error Reporting
        Microsoft Game Studios Common Redistributables Pack 1
        Microsoft Office 2007 Service Pack 3 (SP3)
        Microsoft Office Excel MUI (English) 2007
        Microsoft Office File Validation Add-In
        Microsoft Office Home and Student 2007
        Microsoft Office Live Add-in 1.3
        Microsoft Office OneNote MUI (English) 2007
        Microsoft Office PowerPoint MUI (English) 2007
        Microsoft Office Proof (English) 2007
        Microsoft Office Proof (French) 2007
        Microsoft Office Proof (Spanish) 2007
        Microsoft Office Proofing (English) 2007
        Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
        Microsoft Office Shared MUI (English) 2007
        Microsoft Office Shared Setup Metadata MUI (English) 2007
        Microsoft Office Word MUI (English) 2007
        Microsoft Silverlight
        Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
        Microsoft Works
        Microsoft WSE 3.0 Runtime
        Microsoft XML Parser
        Microsoft_VC80_ATL_x86
        Microsoft_VC80_CRT_x86
        Microsoft_VC80_MFC_x86
        Microsoft_VC80_MFCLOC_x86
        Microsoft_VC90_ATL_x86
        Microsoft_VC90_CRT_x86
        Microsoft_VC90_MFC_x86
        Monopoly Tycoon
        Mozilla Firefox 11.0 (x86 en-GB)
        Mozilla Firefox 4.0b12 (x86 en-GB)
        Mozilla Maintenance Service
        MS Access 97 SP2
        MSCU for Microsoft Vista
        MSVCRT
        MSXML 4.0 SP2 (KB936181)
        MSXML 4.0 SP2 (KB941833)
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        MSXML4 Parser
        Napster Burn Engine
        Network Play System (Patching)
        ObjectDock Free
        Pando Media Booster
        PDF Settings CS5
        Pharaoh
        PowerISO
        Prism Video Converter
        PSSWCORE
        Puzzle Pirates
        QLBCASL
        QuickTime
        Rainmeter
        RealNetworks - Microsoft Visual C++ 2008 Runtime
        RealPlayer
        RealUpgrade 1.1
        Revo Uninstaller Pro 2.5.3
        Rollcage
        Roxio Activation Module
        Roxio Creator Audio
        Roxio Creator Basic v9
        Roxio Creator Copy
        Roxio Creator Data
        Roxio Creator EasyArchive
        Roxio Creator Tools
        Roxio Express Labeler 3
        Safari
        Security Update for CAPICOM (KB931906)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
        Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
        Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
        Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
        Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
        Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
        Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
        Shockwave
        Skype Click to Call
        Skype™ 5.10
        Spelling Dictionaries Support For Adobe Reader 8
        Spybot - Search & Destroy
        SpywareBlaster 4.3
        SUPERAntiSpyware
        swMSM
        Synaptics Pointing Device Driver
        System Requirements Lab
        System Requirements Lab for Intel
        The Sims
        Theme Hospital
        Tunatic
        Ultra Mobile 3GP Video Converter 5.2.0603
        Unity Web Player
        Update for 2007 Microsoft Office System (KB967642)
        Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
        Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
        Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
        Update for Microsoft Office 2007 Help for Common Features (KB963673)
        Update for Microsoft Office Excel 2007 Help (KB963678)
        Update for Microsoft Office OneNote 2007 Help (KB963670)
        Update for Microsoft Office Powerpoint 2007 Help (KB963669)
        Update for Microsoft Office Script Editor Help (KB963671)
        Update for Microsoft Office Word 2007 Help (KB963665)
        Ventrilo Client
        Windows Live Communications Platform
        Windows Live Essentials
        Windows Live ID Sign-in Assistant
        Windows Live Installer
        Windows Live Mail
        Windows Live MIME IFilter
        Windows Live Photo Common
        Windows Live PIMT Platform
        Windows Live SOXE
        Windows Live SOXE Definitions
        Windows Live Sync
        Windows Live UX Platform
        Windows Live UX Platform Language Pack
        Windows Live Writer
        Windows Live Writer Resources
        Windows Movie Maker 2.6
        WinRAR archiver
        .
        ==== Event Viewer Messages From Past Week ========
        .
        31/07/2012 12:53:09, Error: Microsoft-Windows-WMPNSS-Service [14365]  - Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
        31/07/2012 12:48:51, Error: Service Control Manager [7000]  - The atksgt service failed to start due to the following error:  This driver has been blocked from loading
        31/07/2012 12:48:51, Error: Application Popup [875]  - Driver atksgt.sys has been blocked from loading.
        31/07/2012 12:48:50, Error: Service Control Manager [7023]  - The Akamai NetSession Interface service terminated with the following error:  The specified module could not be found.
        31/07/2012 12:48:50, Error: Service Control Manager [7000]  - The adfs service failed to start due to the following error:  The system cannot find the file specified.
        30/07/2012 14:39:33, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{323a53e0-649b-11dc-944b-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{01FE7351-E2C0-4BB5-AFFD-E52ED61ACC59}' was corrupted and it has been recovered. Some data might have been lost.
        29/07/2012 17:46:32, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{A40241D0-65EA-45BB-A316-C96449293D7C} because another computer on the network has the same name.  The server could not start.
        29/07/2012 17:46:14, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
        29/07/2012 17:46:14, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
        29/07/2012 15:26:29, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
        29/07/2012 10:03:01, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
        28/07/2012 20:40:07, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
        28/07/2012 17:50:07, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
        27/07/2012 11:26:53, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{323a53e0-649b-11dc-944b-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1CA1F1BC-FFE1-4A89-B254-85854AB620AF}' was corrupted and it has been recovered. Some data might have been lost.
        26/07/2012 10:19:59, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147014847
        25/07/2012 10:08:46, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
        24/07/2012 14:20:29, Error: NetBT [4321]  - The name "LAPTOP         :20" could not be registered on the interface with IP address 192.168.0.9. The computer with the IP address 192.168.0.8 did not allow the name to be claimed by this computer.
        24/07/2012 14:20:29, Error: NetBT [4321]  - The name "LAPTOP         :0" could not be registered on the interface with IP address 192.168.0.9. The computer with the IP address 192.168.0.8 did not allow the name to be claimed by this computer.
        24/07/2012 14:19:51, Error: Tcpip [4199]  - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-1A-73-77-93-1B. Network operations on this system may be disrupted as a result.
        24/07/2012 14:19:50, Error: NetBT [4321]  - The name "LAPTOP         :20" could not be registered on the interface with IP address 192.168.0.8. The computer with the IP address 192.168.0.7 did not allow the name to be claimed by this computer.
        24/07/2012 14:19:50, Error: NetBT [4321]  - The name "LAPTOP         :0" could not be registered on the interface with IP address 192.168.0.8. The computer with the IP address 192.168.0.7 did not allow the name to be claimed by this computer.
        24/07/2012 14:09:11, Error: NetBT [4321]  - The name "LAPTOP         :20" could not be registered on the interface with IP address 192.168.0.6. The computer with the IP address 192.168.0.3 did not allow the name to be claimed by this computer.
        24/07/2012 14:09:11, Error: NetBT [4321]  - The name "LAPTOP         :0" could not be registered on the interface with IP address 192.168.0.6. The computer with the IP address 192.168.0.3 did not allow the name to be claimed by this computer.
        24/07/2012 14:05:13, Error: Tcpip [4199]  - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-1B-38-34-79-EB. Network operations on this system may be disrupted as a result.
        24/07/2012 12:17:25, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{323a53e0-649b-11dc-944b-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{488B9EA3-0D36-4800-982A-60D1E6C29F1E}' was corrupted and it has been recovered. Some data might have been lost.
        .
        ==== End Of File ===========================


        .
        DDS (Ver_2011-08-26.01) - NTFSx86
        Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.3.1
        Run by Jimbo at 16:17:12 on 2012-07-31
        Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.2038.1041 [GMT 1:00]
        .
        AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
        SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Windows\system32\taskeng.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Program Files\IObit\Game Booster 3\gbtray.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        C:\Windows\system32\DRIVERS\xaudio.exe
        C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\System32\svchost.exe -k LocalServicePeerNet
        C:\Program Files\Hp\QuickPlay\QPService.exe
        C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
        C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
        C:\Windows\System32\hkcmd.exe
        C:\Windows\System32\igfxpers.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\Windows\system32\igfxsrvc.exe
        C:\Program Files\Alwil Software\Avast5\AvastUI.exe
        C:\Program Files\Real\RealPlayer\Update\realsched.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Windows\ehome\ehmsas.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\DAEMON Tools Lite\DTLite.exe
        C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
        C:\Program Files\Rainmeter\Rainmeter.exe
        C:\Users\Jimbo\AppData\Local\Temp\{22B2EF27-260B-45CD-8F84-8EFB35D617F2}\Bottom TB Shadow.exe
        C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
        C:\Windows\System32\svchost.exe -k secsvcs
        C:\Windows\system32\wuauclt.exe
        C:\Program Files\Aurora\firefox.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\System32\svchost.exe -k WerSvcGroup
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\conhost.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uSearch Bar = Preserve
        uStart Page = hxxp://www.google.co.uk/
        uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
        mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
        mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
        uInternet Settings,ProxyOverride = *.local;<local>
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
        BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
        BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
        BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
        BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
        BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
        BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
        TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
        TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
        TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
        uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
        uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
        uRun: [EPSON Stylus DX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticde.exe /fu "c:\windows\temp\E_S9636.tmp" /EF "HKCU"
        uRun: [AdobeBridge]
        uRun: [Google Update] "c:\users\jimbo\appdata\local\google\update\GoogleUpdate.exe" /c
        uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
        uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
        uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
        uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
        uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
        mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
        mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
        mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
        mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
        mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
        mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
        mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
        mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
        mRun: [Persistence] c:\windows\system32\igfxpers.exe
        mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
        mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
        mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
        mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
        mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
        mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
        mRun: [<NO NAME>]
        mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
        mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
        mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
        mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
        StartupFolder: c:\users\jimbo\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
        StartupFolder: c:\users\jimbo\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
        StartupFolder: c:\users\jimbo\appdata\roaming\micros~1\windows\startm~1\programs\startup\tbshad~1.lnk - c:\users\jimbo\my desktop\editing software\customisation\tb shadow\Bottom TB Shadow.exe
        mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
        mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
        IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
        IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
        DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
        DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
        DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
        DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
        DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-1054b06ff577c5e3.spaces.live.com/PhotoUpload/VistaMsnPUplden-gb.cab
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
        DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
        DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
        DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
        DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
        DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
        DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
        TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
        TCP: Interfaces\{15229113-00B3-46E3-B570-48D822330868} : DhcpNameServer = 192.168.2.1
        TCP: Interfaces\{A40241D0-65EA-45BB-A316-C96449293D7C} : DhcpNameServer = 194.168.4.100 194.168.8.100
        Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
        STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockfree\ODMenu.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        Hosts: 127.0.0.1   www.spywareinfo.com
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\users\jimbo\appdata\roaming\mozilla\firefox\profiles\iao1yho0.default\
        FF - component: c:\users\jimbo\appdata\roaming\mozilla\firefox\profiles\iao1yho0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
        FF - component: c:\users\jimbo\appdata\roaming\mozilla\firefox\profiles\iao1yho0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
        FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
        FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
        FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
        FF - plugin: c:\program files\microsoft\office live\npOLW.dll
        FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
        FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
        FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
        FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
        FF - plugin: c:\users\jimbo\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
        FF - plugin: c:\users\jimbo\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
        FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
        FF - plugin: c:\windows\system32\npdeployJava1.dll
        FF - plugin: c:\windows\system32\npmproxy.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-22 721000]
        R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-20 353688]
        R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-14 232512]
        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
        R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
        R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-20 21256]
        R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-20 57656]
        R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-7-8 44808]
        R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-16 1153368]
        R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-2-17 227896]
        R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
        S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
        S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
        S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
        S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 118256]
        S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-13 15872]
        S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-31 27192]
        S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
        S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-13 52224]
        S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-22 1343400]
        .
        =============== Created Last 30 ================
        .
        2012-07-31 10:58:21   --------   d-----w-   c:\program files\Aurora
        2012-07-31 10:16:50   6891424   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{68405768-0f13-4b47-97de-09cb3a5ebdf1}\mpengine.dll
        2012-07-11 21:55:07   2345984   ----a-w-   c:\windows\system32\win32k.sys
        2012-07-11 08:18:51   1158656   ----a-w-   c:\windows\system32\crypt32.dll
        2012-07-11 08:18:50   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
        2012-07-11 08:18:49   103936   ----a-w-   c:\windows\system32\cryptnet.dll
        2012-07-09 14:26:45   --------   d-----w-   c:\program files\Psygnosis
        2012-07-08 16:42:51   2755072   ----a-w-   c:\windows\system32\themeui.dll.backup
        2012-07-08 16:42:44   37376   ----a-w-   c:\windows\system32\themeservice.dll.backup
        2012-07-08 16:42:36   249856   ----a-w-   c:\windows\system32\uxtheme.dll.backup
        2012-07-08 16:42:28   1493504   ----a-w-   c:\windows\system32\ExplorerFrame_backup_wti.dll
        2012-07-08 16:42:28   12872704   ----a-w-   c:\windows\system32\shell32_backup_wti.dll
        2012-07-08 16:42:27   859648   ----a-w-   c:\windows\system32\OobeFldr_backup_wti.dll
        2012-07-08 16:42:27   2616320   ----a-w-   c:\windows\explorer_backup_wti.exe
        2012-07-08 16:42:26   101072   ----a-w-   c:\windows\UTP.exe
        2012-07-08 16:14:45   --------   d-----w-   c:\users\jimbo\appdata\roaming\Rainmeter
        2012-07-08 16:14:31   --------   d-----w-   c:\program files\Rainmeter
        .
        ==================== Find3M  ====================
        .
        2012-07-26 20:57:08   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2012-07-26 20:57:08   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
        2012-07-08 16:42:51   2755072   ----a-w-   c:\windows\system32\themeui.dll
        2012-07-08 16:42:44   37376   ----a-w-   c:\windows\system32\themeservice.dll
        2012-07-08 16:42:36   249856   ----a-w-   c:\windows\system32\uxtheme.dll
        2012-07-03 16:21:53   721000   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
        2012-07-03 16:21:53   57656   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
        2012-07-03 16:21:53   44784   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
        2012-07-03 16:21:32   41224   ----a-w-   c:\windows\avastSS.scr
        2012-07-03 12:46:44   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2012-06-22 19:27:28   21840   ----atw-   c:\windows\system32\SIntfNT.dll
        2012-06-22 19:27:28   17212   ----atw-   c:\windows\system32\SIntf32.dll
        2012-06-22 19:27:28   12067   ----atw-   c:\windows\system32\SIntf16.dll
        2012-06-06 05:05:52   1390080   ----a-w-   c:\windows\system32\msxml6.dll
        2012-06-06 05:05:52   1236992   ----a-w-   c:\windows\system32\msxml3.dll
        2012-06-06 05:03:06   805376   ----a-w-   c:\windows\system32\cdosys.dll
        2012-06-02 22:12:32   2422272   ----a-w-   c:\windows\system32\wucltux.dll
        2012-06-02 22:12:13   88576   ----a-w-   c:\windows\system32\wudriver.dll
        2012-06-02 14:19:42   171904   ----a-w-   c:\windows\system32\wuwebv.dll
        2012-06-02 14:12:20   33792   ----a-w-   c:\windows\system32\wuapp.exe
        2012-06-02 08:33:25   1800192   ----a-w-   c:\windows\system32\jscript9.dll
        2012-06-02 08:25:08   1129472   ----a-w-   c:\windows\system32\wininet.dll
        2012-06-02 08:25:03   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
        2012-06-02 08:20:33   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
        2012-06-02 08:16:52   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
        2012-06-02 04:45:04   67440   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
        2012-06-02 04:45:03   134000   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
        2012-06-02 04:40:59   369336   ----a-w-   c:\windows\system32\drivers\cng.sys
        2012-06-02 04:40:39   225280   ----a-w-   c:\windows\system32\schannel.dll
        2012-06-02 04:39:10   219136   ----a-w-   c:\windows\system32\ncrypt.dll
        2012-05-31 11:25:14   237072   ------w-   c:\windows\system32\MpSigStub.exe
        2012-05-14 19:11:32   232512   ----a-w-   c:\windows\system32\drivers\dtsoftbus01.sys
        .
        ============= FINISH: 16:21:35.52 ===============

        1two3

          Topic Starter


          Beginner
          Re: Computer runs slow randomly
          « Reply #4 on: July 31, 2012, 03:41:08 PM »
          Malwarebytes Anti-Malware 1.62.0.1300
          www.malwarebytes.org

          Database version: v2012.07.31.10

          Windows 7 Service Pack 1 x86 NTFS
          Internet Explorer 9.0.8112.16421
          Jimbo :: LAPTOP [administrator]

          31/07/2012 16:43:22
          mbam-log-2012-07-31 (16-43-22).txt

          Scan type: Full scan (C:\|D:\|)
          Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
          Scan options disabled: P2P
          Objects scanned: 498594
          Time elapsed: 3 hour(s), 13 minute(s), 10 second(s)

          Memory Processes Detected: 0
          (No malicious items detected)

          Memory Modules Detected: 0
          (No malicious items detected)

          Registry Keys Detected: 0
          (No malicious items detected)

          Registry Values Detected: 0
          (No malicious items detected)

          Registry Data Items Detected: 0
          (No malicious items detected)

          Folders Detected: 0
          (No malicious items detected)

          Files Detected: 0
          (No malicious items detected)

          (end)


          There we go.

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Computer runs slow randomly
          « Reply #5 on: July 31, 2012, 05:57:41 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
          *************************************************************************
          P2P - I see you have P2P software installed on your machine. (µTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

          Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

          I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
          ********************************************************
          Download Combofix from any of the links below, and save it to your DESKTOP

          Link 1
          Link 2
          Link 3

          To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
          • Close any open windows and double click ComboFix.exe to run it.

            You will see the following image:


          Click I Agree to start the program.

          ComboFix will then extract the necessary files and you will see this:



          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

          It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

          If you did not have it installed, you will see the prompt below. Choose YES.



          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



          Click on Yes, to continue scanning for malware.

          When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

          Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

          Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
          Windows 8 and Windows 10 dual boot with two SSD's

          1two3

            Topic Starter


            Beginner
            Re: Computer runs slow randomly
            « Reply #6 on: August 01, 2012, 10:45:33 AM »
            Yeah, I realised that it may have been the P2P software I had, so I had uninstalled as much of it as possible, but forgot to actually uninstall uTorrent. Running Combofix now.

            1two3

              Topic Starter


              Beginner
              Re: Computer runs slow randomly
              « Reply #7 on: August 01, 2012, 12:10:47 PM »
              Okay, after running ComboFix I cannot connect to the Internet on this laptop. Troubleshooting says that there may be a problem with my network bridge driver. What do I do? I have no other computers to download a driver onto. Writing this from my iPod.

              Also Avast no longer automatically starts on startup.

              Also also, I've tried to connect both wirelessly and wired to my modem.

              Edit: Fixed the internet. Deleted my network bridge as I don't need it anymore. Avast still doesn't load on startup. Here is the ComboFix log.

              ComboFix 12-07-31.03 - Jimbo 01/08/2012  18:02:13.1.2 - x86
              Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.2038.567 [GMT 1:00]
              Running from: c:\users\Jimbo\Desktop\ComboFix.exe
              AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
              SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              .
              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              c:\users\Jimbo\Documents\~WRL0001.tmp
              c:\windows\security\Database\tmp.edb
              c:\windows\SwSys1.bmp
              c:\windows\SwSys2.bmp
              c:\windows\system32\SET9EE2.tmp
              .
              .
              (((((((((((((((((((((((((   Files Created from 2012-07-01 to 2012-08-01  )))))))))))))))))))))))))))))))
              .
              .
              2012-08-01 17:28 . 2012-08-01 17:28   --------   d-----w-   c:\users\Mcx1\AppData\Local\temp
              2012-08-01 17:28 . 2012-08-01 17:28   --------   d-----w-   c:\users\Guest\AppData\Local\temp
              2012-08-01 17:28 . 2012-08-01 17:28   --------   d-----w-   c:\users\Default\AppData\Local\temp
              2012-08-01 13:51 . 2012-08-01 13:51   56200   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{68405768-0F13-4B47-97DE-09CB3A5EBDF1}\offreg.dll
              2012-07-31 19:09 . 2012-07-31 19:10   --------   d-----w-   c:\program files\Aurora
              2012-07-31 10:16 . 2012-06-29 08:44   6891424   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{68405768-0F13-4B47-97DE-09CB3A5EBDF1}\mpengine.dll
              2012-07-11 21:55 . 2012-06-12 02:40   2345984   ----a-w-   c:\windows\system32\win32k.sys
              2012-07-11 08:18 . 2012-04-24 04:36   1158656   ----a-w-   c:\windows\system32\crypt32.dll
              2012-07-11 08:18 . 2012-04-24 04:36   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
              2012-07-11 08:18 . 2012-04-24 04:36   103936   ----a-w-   c:\windows\system32\cryptnet.dll
              2012-07-09 14:26 . 2012-07-09 14:26   --------   d-----w-   c:\program files\Psygnosis
              2012-07-08 16:42 . 2010-11-20 12:21   2755072   ----a-w-   c:\windows\system32\themeui.dll.backup
              2012-07-08 16:42 . 2009-07-14 01:16   37376   ----a-w-   c:\windows\system32\themeservice.dll.backup
              2012-07-08 16:42 . 2009-07-14 01:16   249856   ----a-w-   c:\windows\system32\uxtheme.dll.backup
              2012-07-08 16:42 . 2012-01-04 08:59   12872704   ----a-w-   c:\windows\system32\shell32_backup_wti.dll
              2012-07-08 16:42 . 2010-11-20 12:19   1493504   ----a-w-   c:\windows\system32\ExplorerFrame_backup_wti.dll
              2012-07-08 16:42 . 2011-02-25 05:30   2616320   ----a-w-   c:\windows\explorer_backup_wti.exe
              2012-07-08 16:42 . 2010-11-20 12:20   859648   ----a-w-   c:\windows\system32\OobeFldr_backup_wti.dll
              2012-07-08 16:42 . 2012-07-08 16:49   101072   ----a-w-   c:\windows\UTP.exe
              2012-07-08 16:14 . 2012-07-08 16:14   --------   d-----w-   c:\users\Jimbo\AppData\Roaming\Rainmeter
              2012-07-08 16:14 . 2012-07-08 16:14   --------   d-----w-   c:\program files\Rainmeter
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2012-07-26 20:57 . 2012-04-17 04:26   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
              2012-07-26 20:57 . 2011-05-26 17:53   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
              2012-07-08 16:42 . 2011-04-13 08:21   2755072   ----a-w-   c:\windows\system32\themeui.dll
              2012-07-08 16:42 . 2009-07-13 23:39   37376   ----a-w-   c:\windows\system32\themeservice.dll
              2012-07-08 16:42 . 2009-07-13 23:40   249856   ----a-w-   c:\windows\system32\uxtheme.dll
              2012-07-03 16:21 . 2009-04-20 16:56   54232   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
              2012-07-03 16:21 . 2012-03-24 09:34   44784   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
              2012-07-03 16:21 . 2011-07-22 13:44   721000   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
              2012-07-03 16:21 . 2009-04-20 16:56   353688   ----a-w-   c:\windows\system32\drivers\aswSP.sys
              2012-07-03 16:21 . 2009-04-20 16:56   21256   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
              2012-07-03 16:21 . 2009-04-20 16:56   57656   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
              2012-07-03 16:21 . 2010-06-30 14:58   41224   ----a-w-   c:\windows\avastSS.scr
              2012-07-03 16:21 . 2009-04-20 16:56   227648   ----a-w-   c:\windows\system32\aswBoot.exe
              2012-07-03 12:46 . 2010-08-10 16:38   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2012-06-22 19:27 . 2008-04-03 18:21   21840   ----atw-   c:\windows\system32\SIntfNT.dll
              2012-06-22 19:27 . 2008-04-03 18:21   17212   ----atw-   c:\windows\system32\SIntf32.dll
              2012-06-22 19:27 . 2008-04-03 18:21   12067   ----atw-   c:\windows\system32\SIntf16.dll
              2012-06-02 22:19 . 2012-06-22 08:05   53784   ----a-w-   c:\windows\system32\wuauclt.exe
              2012-06-02 22:19 . 2012-06-22 08:05   45080   ----a-w-   c:\windows\system32\wups2.dll
              2012-06-02 22:19 . 2012-06-22 08:05   35864   ----a-w-   c:\windows\system32\wups.dll
              2012-06-02 22:19 . 2012-06-22 08:05   577048   ----a-w-   c:\windows\system32\wuapi.dll
              2012-06-02 22:19 . 2012-06-22 08:05   1933848   ----a-w-   c:\windows\system32\wuaueng.dll
              2012-06-02 22:12 . 2012-06-22 08:05   2422272   ----a-w-   c:\windows\system32\wucltux.dll
              2012-06-02 22:12 . 2012-06-22 08:05   88576   ----a-w-   c:\windows\system32\wudriver.dll
              2012-06-02 14:19 . 2012-06-22 08:04   171904   ----a-w-   c:\windows\system32\wuwebv.dll
              2012-06-02 14:12 . 2012-06-22 08:04   33792   ----a-w-   c:\windows\system32\wuapp.exe
              2012-05-31 11:25 . 2009-10-03 08:26   237072   ------w-   c:\windows\system32\MpSigStub.exe
              2012-05-14 19:11 . 2012-05-14 19:11   232512   ----a-w-   c:\windows\system32\drivers\dtsoftbus01.sys
              2012-03-18 21:10 . 2011-05-07 11:32   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
              .
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
              @="{472083B0-C522-11CF-8763-00608CC02F24}"
              [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
              2012-07-03 16:21   121528   ----a-w-   c:\program files\Alwil Software\Avast5\ashShell.dll
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
              "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-17 68856]
              "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
              "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-17 3077528]
              "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
              "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
              "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
              "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
              "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
              "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
              "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
              "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
              "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
              "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
              "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
              "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-10-18 273528]
              "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
              "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
              "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
              "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
              .
              c:\users\Jimbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
              Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 40136]
              TB Shadow.lnk - c:\users\Jimbo\My Desktop\Editing Software\Customisation\TB Shadow\Bottom TB Shadow.exe [2012-7-9 729600]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 5 (0x5)
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableUIADesktopToggle"= 0 (0x0)
              .
              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
              "{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
              .
              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-07-30 113024]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
              "aux"=wdmaud.drv
              .
              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
              Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
              @="Driver"
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
              "QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
              .
              R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe

              R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe

              R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

              R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe

              R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys

              R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys

              R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

              R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

              R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys

              R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys

              R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

              S1 aswSnx;aswSnx;

              S1 aswSP;aswSP;

              S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys

              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS

              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS

              S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

              S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE

              S2 aswFsBlk;aswFsBlk;

              S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys

              S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe

              S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

              S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

              .
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              Akamai   REG_MULTI_SZ      Akamai
              .
              Contents of the 'Scheduled Tasks' folder
              .
              2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
              - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 20:57]
              .
              2012-07-31 c:\windows\Tasks\Google Software Updater.job
              - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-18 17:13]
              .
              2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2684566189-1366576568-2552115098-1000Core.job
              - c:\users\Jimbo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-03 16:27]
              .
              2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2684566189-1366576568-2552115098-1000UA.job
              - c:\users\Jimbo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-03 16:27]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.google.co.uk/
              mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
              uInternet Settings,ProxyOverride = *.local;<local>
              TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
              DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
              FF - ProfilePath - c:\users\Jimbo\AppData\Roaming\Mozilla\Firefox\Profiles\iao1yho0.default\
              .
              - - - - ORPHANS REMOVED - - - -
              .
              Toolbar-Locked - (no file)
              WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
              HKCU-Run-AdobeBridge - (no file)
              HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
              AddRemove-UnityWebPlayer - c:\users\Jimbo\AppData\Local\Unity\WebPlayer\Uninstall.exe
              .
              .
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
              @DACL=(02 0000)
              @="Folder Redirection"
              "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
              "DllName"=expand:"fdeploy.dll"
              "NoMachinePolicy"=dword:00000001
              "NoSlowLink"=dword:00000001
              "PerUserLocalSettings"=dword:00000001
              "NoGPOListChanges"=dword:00000000
              "NoBackgroundPolicy"=dword:00000000
              "GenerateGroupPolicy"="GenerateGroupPolicy"
              "EventSources"=multi:"(Folder Redirection,Application)\00\00"
              "DisplayName"=expand:"@fdeploy.dll,-261"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
              @DACL=(02 0000)
              @="Microsoft Disk Quota"
              "DisplayName"=expand:"@%SystemRoot%\\System32\\dskquota.dll,-100"
              "NoMachinePolicy"=dword:00000000
              "NoUserPolicy"=dword:00000001
              "NoSlowLink"=dword:00000001
              "NoBackgroundPolicy"=dword:00000001
              "NoGPOListChanges"=dword:00000001
              "PerUserLocalSettings"=dword:00000000
              "RequiresSuccessfulRegistry"=dword:00000001
              "EnableAsynchronousProcessing"=dword:00000000
              "DllName"=expand:"%SystemRoot%\\System32\\dskquota.dll"
              "ProcessGroupPolicy"="ProcessGroupPolicy"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
              @DACL=(02 0000)
              @="QoS Packet Scheduler"
              "DisplayName"=expand:"@gptext.dll,-201"
              "ProcessGroupPolicy"="ProcessPSCHEDPolicy"
              "DllName"=expand:"gptext.dll"
              "NoUserPolicy"=dword:00000001
              "NoGPOListChanges"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}]
              @DACL=(02 0000)
              @="Remote Desktop USB Redirection"
              "DllName"=expand:"%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll"
              "RequiresSuccessfulRegistry"=dword:00000001
              "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
              "NoGPOListChanges"=dword:00000001
              "NoUserPolicy"=dword:00000001
              "DisplayName"=expand:"@%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll,-100"
              "NoBackgroundPolicy"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
              @DACL=(02 0000)
              @="Windows Search Group Policy Extension"
              "ProcessGroupPolicy"="ProcessGroupPolicy"
              "DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
              "RequiresSuccessfulRegistry"=dword:00000001
              "NoSlowLink"=dword:00000000
              "NoGPOListChanges"=dword:00000001
              "NoUserPolicy"=dword:00000000
              "NoMachinePolicy"=dword:00000000
              "PerUserLocalSettings"=dword:00000000
              "EnableAsynchronousProcessing"=dword:00000001
              "NoBackgroundPolicy"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
              @DACL=(02 0000)
              @="Deployed Printer Connections"
              "DisplayName"=expand:"@%systemroot%\\system32\\gpprnext.dll,-1"
              "DllName"=expand:"%systemroot%\\system32\\gpprnext.dll"
              "EnableAsynchronousProcessing"=dword:00000001
              "ExtensionEventSource"=""
              "GenerateGroupPolicy"="PrinterGenerateGroupPolicy"
              "MaxNoGPOListChangesInterval"=dword:00000000
              "NoBackgroundPolicy"=dword:00000000
              "NoGPOListChanges"=dword:00000000
              "NoMachinePolicy"=dword:00000000
              "NoSlowLink"=dword:00000001
              "NotifyLinkTransition"=dword:00000000
              "NoUserPolicy"=dword:00000000
              "PerUserLocalSettings"=dword:00000000
              "ProcessGroupPolicy"="PrinterProcessGroupPolicy"
              "ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx"
              "RequiresSuccessfulRegistry"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
              @DACL=(02 0000)
              @="TCPIP"
              "DisplayName"=expand:"@gptext.dll,-204"
              "ProcessGroupPolicy"="ProcessTCPIPPolicy"
              "DllName"=expand:"gptext.dll"
              "NoUserPolicy"=dword:00000001
              "NoGPOListChanges"=dword:00000001
              "RequiresSuccessfulRegistry"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
              @DACL=(02 0000)
              @="IP Security"
              "ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
              "GenerateGroupPolicy"="GenerateIPSECPolicy"
              "DllName"=expand:"%SystemRoot%\\System32\\polstore.dll"
              "NoUserPolicy"=dword:00000001
              "NoGPOListChanges"=dword:00000000
              "DisplayName"=expand:"@c:\\Windows\\system32\\polstore.dll,-5012"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}]
              @DACL=(02 0000)
              @="Audit Policy Configuration"
              "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
              "GenerateGroupPolicy"="GenerateGroupPolicy"
              "DllName"=expand:"auditcse.dll"
              "NoUserPolicy"=dword:00000001
              "EnableAsynchronousProcessing"=dword:00000001
              "MaxNoGPOListChangesInterval"=dword:000003c0
              "ForceRefreshFG"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
              @DACL=(02 0000)
              @="Enterprise QoS"
              "DisplayName"=expand:"@gptext.dll,-203"
              "ProcessGroupPolicy"="ProcessEQoSPolicy"
              "DllName"=expand:"gptext.dll"
              "RequiresSuccessfulRegistry"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
              @DACL=(02 0000)
              @="CP"
              "DisplayName"=expand:"@gptext.dll,-205"
              "ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
              "DllName"=expand:"gptext.dll"
              "NoUserPolicy"=dword:00000001
              "NoGPOListChanges"=dword:00000001
              "RequiresSuccessfulRegistry"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
              @DACL=(02 0000)
              "DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
              "Logon"="SABWINLOLogon"
              "Logoff"="SABWINLOLogoff"
              "Startup"="SABWINLOStartup"
              "Shutdown"="SABWINLOShutdown"
              "Asynchronous"=dword:00000000
              "Impersonate"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
              @DACL=(02 0000)
              @=""
              "DLLName"="igfxdev.dll"
              "Asynchronous"=dword:00000001
              "Impersonate"=dword:00000001
              "Unlock"="WinlogonUnlockEvent"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
              @DACL=(02 0000)
              "Mcx1"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              Completion time: 2012-08-01  18:38:24
              ComboFix-quarantined-files.txt  2012-08-01 17:38
              .
              Pre-Run: 18,650,574,848 bytes free
              Post-Run: 18,464,063,488 bytes free
              .
              - - End Of File - - EDE898ABD82A6287E7E8A4531595B99B


              « Last Edit: August 01, 2012, 01:06:10 PM by 1two3 »

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Computer runs slow randomly
              « Reply #8 on: August 01, 2012, 04:24:23 PM »
              Download Security Check by screen317 from one of the following links and save it to your desktop.

              Link 1
              Link 2

              * Double-click Security Check.bat
              * Follow the on-screen instructions inside of the black box.
              * A Notepad document should open automatically called checkup.txt
              * Post the contents of that document in your next reply.

              Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
              *********************************************************
              Please download aswMBR.exe ( 511KB ) to your desktop.

              Double click the aswMBR.exe to run it.

              Click the "Scan" button to start the scan.

              Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

              On completion of the scan, click save log, save it to your desktop and post in your next reply.
              *******************************************************
              SysProt Antirootkit

              Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

              http://sites.google.com/site/sysprotantirootkit/

              Unzip it into a folder on your desktop.
              • Double click Sysprot.exe to start the program.
              • Click on the Log tab.
              • In the Write to log box select the following items.
                • Process << Selected
                • Kernel Modules << Selected
                • SSDT << Selected
                • Kernel Hooks << Selected
                • IRP Hooks << NOT Selected
                • Ports << NOT Selected
                • Hidden Files << Selected
              • At the bottom of the page
                • Hidden Objects Only << Selected
              • Click on the Create Log button on the bottom right.
              • After a few seconds a new window should appear.
              • Select Scan Root Drive. Click on the Start button.
              • When it is complete a new window will appear to indicate that the scan is finished.
              • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
              Windows 8 and Windows 10 dual boot with two SSD's

              1two3

                Topic Starter


                Beginner
                Re: Computer runs slow randomly
                « Reply #9 on: August 02, 2012, 02:18:28 AM »
                 Results of screen317's Security Check version 0.99.43 
                 Windows 7 Service Pack 1 x86 (UAC is enabled) 
                 Internet Explorer 9 
                ``````````````Antivirus/Firewall Check:``````````````
                 Windows Firewall Enabled! 
                avast! Antivirus   
                 Antivirus up to date!   
                `````````Anti-malware/Other Utilities Check:`````````
                 SpywareBlaster 4.3   
                 Spybot - Search & Destroy
                 SUPERAntiSpyware     
                 Malwarebytes Anti-Malware version 1.62.0.1300 
                 CCleaner     
                 Java DB 10.5.3.0   
                 JavaFX 2.0.3   
                 JavaFX 2.0.3 SDK   
                 Java(TM) 6 Update 29 
                 Java(TM) 7 Update 3 
                 Java(TM) SE Development Kit 6 Update 18
                 Java(TM) SE Development Kit 6 Update 23
                 Java(TM) SE Development Kit 7 Update 3
                 Java version out of Date!
                 Adobe Flash Player    11.3.300.268 
                 Adobe Reader 8 Adobe Reader out of Date!
                 Adobe Reader 9 Adobe Reader out of Date!
                 Mozilla Firefox 4.0b12 Firefox out of Date! 
                 Google Chrome 20.0.1132.57 
                 Google Chrome 21.0.1180.60 
                 Google Chrome VisualElementsManifest.xml.. 
                ````````Process Check: objlist.exe by Laurent````````
                 Alwil Software Avast5 AvastSvc.exe 
                 Alwil Software Avast5 AvastUI.exe 
                `````````````````System Health check`````````````````
                 Total Fragmentation on Drive C: 0%
                ````````````````````End of Log``````````````````````

                1two3

                  Topic Starter


                  Beginner
                  Re: Computer runs slow randomly
                  « Reply #10 on: August 02, 2012, 02:27:28 AM »
                  aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
                  Run date: 2012-08-02 09:20:12
                  -----------------------------
                  09:20:12.979    OS Version: Windows 6.1.7601 Service Pack 1
                  09:20:12.979    Number of processors: 2 586 0xE0C
                  09:20:12.979    ComputerName: LAPTOP  UserName: Jimbo
                  09:20:42.136    Initialize success
                  09:20:45.756    AVAST engine defs: 12080101
                  09:20:49.968    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
                  09:20:49.968    Disk 0 Vendor: ST9120821AS 7.24 Size: 114473MB BusType: 11
                  09:20:49.999    Disk 0 MBR read successfully
                  09:20:49.999    Disk 0 MBR scan
                  09:20:49.999    Disk 0 Windows 7 default MBR code
                  09:20:50.015    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       107646 MB offset 63
                  09:20:50.046    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         6824 MB offset 220459995
                  09:20:50.077    Disk 0 scanning sectors +234436545
                  09:20:50.155    Disk 0 scanning C:\Windows\system32\drivers
                  09:21:03.836    Service scanning
                  09:21:34.210    Modules scanning
                  09:21:56.051    Disk 0 trace - called modules:
                  09:21:56.082    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
                  09:21:56.597    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c2b030]
                  09:21:56.612    3 CLASSPNP.SYS[88a0459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x855fc908]
                  09:21:58.921    AVAST engine scan C:\Windows
                  09:22:07.547    AVAST engine scan C:\Windows\system32
                  09:25:27.244    AVAST engine scan C:\Windows\system32\drivers
                  09:25:42.313    AVAST engine scan C:\Users\Jimbo
                  09:27:09.954    Disk 0 MBR has been saved successfully to "C:\Users\Jimbo\Desktop\MBR.dat"
                  09:27:09.954    The log file has been saved successfully to "C:\Users\Jimbo\Desktop\aswMBR.txt"



                  1two3

                    Topic Starter


                    Beginner
                    Re: Computer runs slow randomly
                    « Reply #11 on: August 02, 2012, 02:45:12 AM »
                    SysProt told me it couldn't scan SSDT. Here is the log. I'm sure I did everything correctly.

                    SysProt AntiRootkit v1.0.1.0
                    by swatkat

                    ******************************************************************************************
                    ******************************************************************************************

                    No Hidden Processes found

                    ******************************************************************************************
                    ******************************************************************************************
                    Kernel Modules:
                    Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
                    Service Name: ---
                    Module Base: 8252B000
                    Module End: 82536000
                    Hidden: Yes

                    Module Name: \SystemRoot\System32\Drivers\dump_msahci.sys
                    Service Name: ---
                    Module Base: 82536000
                    Module End: 82540000
                    Hidden: Yes

                    Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys
                    Service Name: ---
                    Module Base: 82540000
                    Module End: 82551000
                    Hidden: Yes

                    Module Name: C:\Windows\system32\DRIVERS\vwifimp.sys
                    Service Name: vwifimp
                    Module Base: 82423000
                    Module End: 8242C000
                    Hidden: Yes

                    Module Name: \??\C:\Users\Jimbo\AppData\Local\Temp\aswMBR.sys
                    Service Name: aswMBR
                    Module Base: 85299000
                    Module End: 852A5000
                    Hidden: Yes

                    ******************************************************************************************
                    ******************************************************************************************
                    No SSDT Hooks found

                    ******************************************************************************************
                    ******************************************************************************************
                    Kernel Hooks:
                    Hooked Function: ObMakeTemporaryObject
                    At Address: 82E28C64
                    Jump To: 910B561C
                    Module Name: C:\Windows\System32\Drivers\aswSP.SYS

                    Hooked Function: ObInsertObject
                    At Address: 82E41290
                    Jump To: 910B7116
                    Module Name: C:\Windows\System32\Drivers\aswSP.SYS

                    ******************************************************************************************
                    ******************************************************************************************
                    Hidden files/folders:
                    Object: C:\Qoobox\BackEnv\AppData.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Cache.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\History.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Music.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Personal.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Programs.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Recent.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SetPath.bat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SysPath.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Templates.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\VikPev00
                    Status: Access denied

                    Object: C:\Users\Jimbo\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{EA146B3E-B379-234C-B43C-C79FDE8F0646}\01\12-{EA146B3E-B379-234C-B43C-C79FDE8F0646}-v1-{B06783A6-8BC8-474F-BC59-DC808A43CBB1}-v12-Do
                    Status: Hidden

                    Object: C:\Users\Jimbo\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{EA146B3E-B379-234C-B43C-C79FDE8F0646}\11\11-{B06783A6-8BC8-474F-BC59-DC808A43CBB1}-v11-{B06783A6-8BC8-474F-BC59-DC808A43CBB1}-v11-D
                    Status: Hidden

                    Object: C:\Windows\CSC\v2.0.6\namespace
                    Status: Access denied

                    Object: C:\Windows\CSC\v2.0.6\pq
                    Status: Access denied

                    Object: C:\Windows\CSC\v2.0.6\sm
                    Status: Access denied

                    Object: C:\Windows\CSC\v2.0.6\temp
                    Status: Access denied

                    Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
                    Status: Access denied

                    Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
                    Status: Access denied

                    Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
                    Status: Access denied

                    Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
                    Status: Access denied

                    Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
                    Status: Access denied

                    Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
                    Status: Access denied


                    1two3

                      Topic Starter


                      Beginner
                      Re: Computer runs slow randomly
                      « Reply #12 on: August 02, 2012, 04:55:53 AM »
                      Also, I will be away from Saturday for two weeks on holiday so I will be unable to do anything from then for a while.

                      SuperDave

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: Computer runs slow randomly
                      « Reply #13 on: August 02, 2012, 04:26:08 PM »
                      Quote
                      Also, I will be away from Saturday for two weeks on holiday so I will be unable to do anything from then for a while.
                      No problem. We'll talk when you get back. Have a great holiday.

                      Update Your Java (JRE)

                      Old versions of Java have vulnerabilities that malware can use to infect your system.


                      First Verify your Java Version

                      If there are any other version(s) installed then update now.

                      Get the new version (if needed)

                      If your version is out of date install the newest version of the Sun Java Runtime Environment.

                      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                      Be sure to close ALL open web browsers before starting the installation.

                      Remove any old versions

                      1. Download JavaRa and unzip the file to your Desktop.
                      2. Open JavaRA.exe and choose Remove Older Versions
                      3. Once complete exit JavaRA.

                      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                      ************************************************
                      Update your Adobe Reader. get.adobe.com/reader.

                      Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

                      ******************************************************
                      I'd like to scan your machine with ESET OnlineScan

                      •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                      ESET OnlineScan
                      •Click the button.
                      •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                      • Click on to download the ESET Smart Installer. Save it to your desktop.
                      • Double click on the icon on your desktop.
                      •Check
                      •Click the button.
                      •Accept any security warnings from your browser.
                      •Check
                      •Push the Start button.
                      •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                      •When the scan completes, push
                      •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                      •Push the button.
                      •Push
                      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                      azalea



                        Greenhorn

                        • Experience: Beginner
                        • OS: Unknown
                        Re: Computer runs slow randomly
                        « Reply #14 on: August 08, 2012, 03:03:06 AM »
                        Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.  If you want to help, please go here. Superdave.
                        « Last Edit: August 08, 2012, 04:31:10 PM by SuperDave »

                        batlon13



                          Rookie
                          • Experience: Experienced
                          • OS: Windows 7
                          Re: Computer runs slow randomly
                          « Reply #15 on: August 13, 2012, 11:37:10 PM »
                          Yesterday I installed Mozilla Firefox on my desktop. Then my desktop started running slow. Then I uninstalled Mozilla Firefox, but my desktop is still running slow. I think I have got a virus. So what can I do now?

                          SuperDave

                          • Malware Removal Specialist
                          • Moderator


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: Computer runs slow randomly
                          « Reply #16 on: August 14, 2012, 05:38:02 PM »
                          Quote
                          Yesterday I installed Mozilla Firefox on my desktop. Then my desktop started running slow. Then I uninstalled Mozilla Firefox, but the desktop is still running slow. I think I have got a virus. So what can I do now?
                          Start your own thread.
                          Windows 8 and Windows 10 dual boot with two SSD's

                          1two3

                            Topic Starter


                            Beginner
                            Re: Computer runs slow randomly
                            « Reply #17 on: August 19, 2012, 03:12:54 AM »
                            Back from my holiday. Was brilliant. 50 degrees in Qatar.

                            Verified Java Version
                            Congratulations!
                            You have the recommended Java installed (1.7.0_06).

                            Dunno if you need the JavaRa log but:

                            JavaRa 1.16 Removal Log.

                            Report follows after line.

                            ------------------------------------

                            The JavaRa removal process was started on Sat Aug 14 10:30:01 2010

                            ------------------------------------

                            Finished reporting.





                            Doing the rest now.

                            1two3

                              Topic Starter


                              Beginner
                              Re: Computer runs slow randomly
                              « Reply #18 on: August 19, 2012, 07:32:11 AM »
                              ESET found nothing. Took ages; was at 99% by an hour and then took a further 3 hours to complete. Log is short but anyway:

                              ESETSmartInstaller@High as CAB hook log:
                              OnlineScanner.ocx - registred OK

                              SuperDave

                              • Malware Removal Specialist
                              • Moderator


                              • Genius
                              • Thanked: 1020
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 10
                              Re: Computer runs slow randomly
                              « Reply #19 on: August 19, 2012, 11:07:35 AM »
                              How's your computer working now?
                              Windows 8 and Windows 10 dual boot with two SSD's

                              1two3

                                Topic Starter


                                Beginner
                                Re: Computer runs slow randomly
                                « Reply #20 on: August 20, 2012, 01:45:40 AM »
                                It's fine. It doesn't slow at all. Just want to say thanks.

                                Anyway, do I still need JavaRa and other things?

                                SuperDave

                                • Malware Removal Specialist
                                • Moderator


                                • Genius
                                • Thanked: 1020
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 10
                                Re: Computer runs slow randomly
                                « Reply #21 on: August 20, 2012, 01:38:58 PM »
                                Quote
                                Anyway, do I still need JavaRa and other things?
                                Yes, you need to keep all your programs updated. Malware just loves out-of-date programs, especially Java.
                                Let's do some cleanup.


                                To uninstall ComboFix

                                • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                                • In the field, type in ComboFix /uninstall


                                (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                                • Then, press Enter, or click OK.
                                • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                                ***************************************************
                                Clean out your temporary internet files and temp files.

                                Download TFC by OldTimer to your desktop.

                                Double-click TFC.exe to run it.

                                Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                * Click the Start button to begin the cleaning process.
                                * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                * Please let TFC run uninterrupted until it is finished.

                                Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                                ***************************************************
                                Use the Secunia Software Inspector to check for out of date software.

                                • Click Start Now
                                • Check the box next to Enable thorough system inspection.
                                • Click Start
                                • Allow the scan to finish and scroll down to see if any updates are needed.
                                • Update anything listed.
                                ----------

                                Go to Microsoft Windows Update and get all critical updates.

                                ----------

                                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
                                * Using SpywareBlaster to protect your computer from Spyware and Malware
                                * If you don't know what ActiveX controls are, see here

                                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                Safe Surfing!
                                Windows 8 and Windows 10 dual boot with two SSD's
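
A quick way to check for leftover out-of-date Java runtimes, the concern raised in the reply above. This is an added example, not part of the original post or of any tool named in the thread. It assumes the old-style `1.x.y_zz` key names seen in the JavaRa log on this page, uses the `1.7.0_06` version quoted in the thread as a baseline to be replaced with the current release, and also checks the `Wow6432Node` view used by 32-bit Java on 64-bit Windows.

```powershell
# Added example: list Java runtimes registered in the registry and flag any
# that are older than a baseline version.
# Assumption: 1.7.0_06 is only the version quoted in this thread (August 2012);
# replace it with whatever release is current when you run the check.
$Baseline = '1.7.0_06'

function ConvertTo-JavaVersion {
    param([string]$Name)
    # Old-style JRE key names look like 1.6.0 or 1.6.0_07.
    # Family keys such as "1.6" and any other naming scheme return $null.
    if ($Name -match '^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$') {
        $update = if ($Matches[4]) { [int]$Matches[4] } else { 0 }
        return New-Object System.Version -ArgumentList `
            ([int]$Matches[1]), ([int]$Matches[2]), ([int]$Matches[3]), $update
    }
    return $null
}

# Native view plus the 32-bit view present on 64-bit Windows.
$roots = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
)

$baselineVersion = ConvertTo-JavaVersion $Baseline

$report = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $version = ConvertTo-JavaVersion $key.PSChildName
        if ($null -eq $version) { continue }

        # JavaHome points at the install folder. A key whose folder is gone is
        # a stale registration; a folder that still exists is a live runtime.
        $javaHome = (Get-ItemProperty -LiteralPath $key.PSPath).JavaHome
        $folderPresent = [bool]$javaHome -and (Test-Path -LiteralPath $javaHome)

        $status = if ($version -lt $baselineVersion) { 'OUTDATED' } else { 'ok' }

        New-Object PSObject -Property @{
            Version       = $version
            KeyName       = $key.PSChildName
            Status        = $status
            FolderPresent = $folderPresent
            JavaHome      = $javaHome
            RegistryRoot  = $root
        }
    }
}

if (-not $report) {
    Write-Output 'No old-style Java Runtime Environment keys found.'
} else {
    $report |
        Sort-Object Version |
        Format-Table KeyName, Status, FolderPresent, JavaHome, RegistryRoot -AutoSize
}
```

The script only reads the registry and changes nothing. An `OUTDATED` row with `FolderPresent` set to `True` is a runtime that is still installed and should be removed or updated.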

                                1two3

                                  Topic Starter


                                  Beginner
                                  Re: Computer runs slow randomly
                                  « Reply #22 on: August 20, 2012, 03:05:23 PM »
                                  It says "Windows cannot find Combofix". I'm sure I'm trying it correctly.

                                  SuperDave

                                  • Malware Removal Specialist
                                  • Moderator


                                  • Genius
                                  • Thanked: 1020
                                  • Certifications: List
                                  • Experience: Expert
                                  • OS: Windows 10
                                  Re: Computer runs slow randomly
                                  « Reply #23 on: August 20, 2012, 05:01:09 PM »
                                  Quote
                                  It says "Windows cannot find Combofix". I'm sure I'm trying it correctly.
                                  It could have already been removed. Look in your Control Panel, Programs, Programs and Features and see if it's there. You can also check on your C drive to see if anything is left of ComboFix there.

                                  To set a new Restore Point.

                                  Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
                                  Click the Start button, click Control Panel, click System and Maintenance, and then click System.
                                  In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
                                  To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
                                  This will give you a new, clean Restore Point.
                                  Windows 8 and Windows 10 dual boot with two SSD's

                                  1two3

                                    Topic Starter


                                    Beginner
                                    Re: Computer runs slow randomly
                                    « Reply #24 on: August 21, 2012, 03:01:46 AM »
                                    Right. OTL was weird. It showed the desktop like it said, although I didn't actually see the program. I only saw a black outline of where it should be. This was what was happening for about two minutes, then my computer restarted. Logging on, I noticed two files called "desktop.ini" on my desktop. Is this all meant to happen?


                                    SuperDave

                                    • Malware Removal Specialist
                                    • Moderator


                                    • Genius
                                    • Thanked: 1020
                                    • Certifications: List
                                    • Experience: Expert
                                    • OS: Windows 10
                                    Re: Computer runs slow randomly
                                    « Reply #25 on: August 21, 2012, 04:39:35 PM »
                                    Quote
                                    Right. OTL was weird. It showed the desktop like it said, although I didn't actually see the program. I only saw a black outline of where it should be. This was what was happening for about two minutes, then my computer restarted. Logging on, I noticed two files called "desktop.ini" on my desktop. Is this all meant to happen?
                                    What were you trying to do with OTL?

                                    1two3

                                      Topic Starter


                                      Beginner
                                      Re: Computer runs slow randomly
                                      « Reply #26 on: August 22, 2012, 03:34:30 AM »
                                      Quote
                                      What were you trying to do with OTL?

                                      Sorry, not OTL, I meant TFC. Dunno why I said that.

                                      1two3

                                        Topic Starter


                                        Beginner
                                        Re: Computer runs slow randomly
                                        « Reply #27 on: August 22, 2012, 10:25:44 AM »
                                        Ran it again and this time I managed to see some of what it was doing. It was saying 0 bytes cleared for everything so it had probably worked the first time. Still confused about the desktop.ini files. What do I do with them?

                                        SuperDave

                                        • Malware Removal Specialist
                                        • Moderator


                                        • Genius
                                        • Thanked: 1020
                                        • Certifications: List
                                        • Experience: Expert
                                        • OS: Windows 10
                                        Re: Computer runs slow randomly
                                        « Reply #28 on: August 22, 2012, 01:05:00 PM »
                                        Quote
                                        Ran it again and this time I managed to see some of what it was doing. It was saying 0 bytes cleared for everything so it had probably worked the first time. Still confused about the desktop.ini files. What do I do with them?
                                        Desktop.ini is a Windows XP system file that stores information about customized folders. If you have customized the display of a folder in any way, such as changing its icon or manner of display, Windows has saved those settings in a desktop.ini file. In the following screenshot, I have right-clicked on a folder and am about to customize it.



                                        Since Desktop.ini is a Windows system file, you are probably seeing it because you have set Explorer to display hidden/system files. By reversing this setting, you can get rid of Desktop.ini.

                                        1. In any Windows Explorer window, click Tools → Folder Options…
                                        2. Click on the View tab.
                                        3. Check off the radio button next to “Do not show hidden files and folders”.
                                        4. Put a check in the box next to “Hide protected operating system files (recommended)”.
                                        5. Click OK.
                                        Here is a picture of the settings I have just described:



                                        Once you have made these changes, Desktop.ini should be out of sight and out of mind. Here is a screen shot of the same folder from Figure 1. It’s still customized, but Desktop.ini is nowhere to be seen.

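An added example, not part of the original post: a small Python reader that shows what a desktop.ini holds, matching the description above of a file that stores folder display settings. The sample file contents, the function names and the list of expected keys are assumptions made for this illustration.

```python
import configparser

# Keys commonly seen in the [.ShellClassInfo] section. This list is an
# assumption of the example, not an exhaustive specification.
DISPLAY_KEYS = {"iconresource", "iconfile", "iconindex", "infotip",
                "localizedresourcename", "confirmfileop", "nosharing"}

# Constructed sample: a desktop.ini saved as UTF-16 with a byte-order mark.
SAMPLE_UTF16 = ("[.ShellClassInfo]\r\n"
                "LocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-21769\r\n"
                "IconResource=%SystemRoot%\\system32\\imageres.dll,-183\r\n"
                ).encode("utf-16")

def decode_ini(raw: bytes) -> str:
    """Decode by BOM: UTF-16, UTF-8 with BOM, otherwise Windows ANSI."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw.decode("utf-8-sig")
    return raw.decode("cp1252", errors="replace")

def summarize_desktop_ini(raw: bytes) -> dict:
    """Split the file's settings into expected display keys and the rest."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    result = {"display": {}, "other": {}, "other_sections": [], "error": None}
    try:
        parser.read_string("\n".join(decode_ini(raw).splitlines()))
    except configparser.Error as exc:
        # Not INI-shaped at all: worth opening in a text editor to look at.
        result["error"] = type(exc).__name__
        return result
    for section in parser.sections():
        if section.lower() != ".shellclassinfo":
            result["other_sections"].append(section)
            continue
        for key, value in parser.items(section):
            bucket = "display" if key in DISPLAY_KEYS else "other"
            result[bucket][key] = value
    return result

if __name__ == "__main__":
    for name, value in summarize_desktop_ini(SAMPLE_UTF16)["display"].items():
        print(f"{name} = {value}")
```

To inspect a real file, pass the bytes read from it, for example `summarize_desktop_ini(open(path, "rb").read())`.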

                                        1two3

                                          Topic Starter


                                          Beginner
                                          Re: Computer runs slow randomly
                                          « Reply #29 on: August 23, 2012, 02:35:04 AM »
                                          Okay, thanks very much SuperDave. The desktop.ini isn't showing anymore. Set a new restore point and all is well. Thanks again. Just out of curiosity was there much wrong with my computer?

                                          SuperDave

                                          • Malware Removal Specialist
                                          • Moderator


                                          • Genius
                                          • Thanked: 1020
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 10
                                          Re: Computer runs slow randomly
                                          « Reply #30 on: August 23, 2012, 04:18:55 PM »
                                          Quote
                                          Just out of curiosity was there much wrong with my computer?
                                          Just the usual amount of crap that's going around these days. Nothing too serious.

                                          Quote
                                          Okay, thanks very much SuperDave.
                                          You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.