Hey all,
My notebook has been running sssllllooow the past few weeks. I thought it might be due to HDD closing in on capacity. deleted numerous data files now almost 10 GB free on 150 GB HDD. thought I would optimize HDD afterward with System Mechanic. The program gets to the "analyzing disk" point and self cancels. System Mechanic support not able to work through it even with uninstall and reinstall. suggested it may be due to malware or virus. scans by System Mechanic, Comodo, Spybot, et.al. had little effect. Just noticed today that ALL of my system restore points have been eliminated. Last time that happened I had a nasty virus. Hope i am wrong.
Hoping someone can help me do a deep diagnostic/cleaning to assure a safe & clean machine again.
I have posted the results of the dds.scr scan below.
Thanks for any help.
Russ
**************************************************************************************************
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Doc at 14:30:04.80 on Mon 01/13/2014
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.45.2
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1477 [GMT -6:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iolo\System Mechanic Professional\iologovernor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\PROGRA~1\iolo\Common\Lib\MESSAG~1.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Doc\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
uSearch Bar =
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
uURLSearchHooks: Vuze Remote Toolbar: {05478a66-edb6-4a22-a870-a5987f80a7da} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
BHO: Vuze Remote Toolbar: {05478a66-edb6-4a22-a870-a5987f80a7da} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {05478a66-edb6-4a22-a870-a5987f80a7da} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
StartupFolder: c:\users\doc\appdata\roaming\micros~1\windows\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\belkin usb print and storage center\Connect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startn~1.lnk - c:\program files\sharp\sharpdesk\sdFTP.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - c:\program files\sharp\sharpdesk\ExplorerExtensions.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\doc\appdata\roaming\mozilla\firefox\profiles\z7shwp74.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\doc\appdata\roaming\mozilla\firefox\profiles\z7shwp74.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\users\doc\appdata\roaming\mozilla\firefox\profiles\z7shwp74.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\doc\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\users\doc\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-3-11 19632]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494416]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2014-1-9 26248]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-5-4 20384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2013-12-3 68464]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2013-4-4 259424]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2013-3-22 39272]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-12-3 40776]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2012-5-5 19968]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE "%1"
VBEFile=NOTEPAD.EXE "%1"
VBSFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2014-01-13 20:06:12 74703 ----a-w- c:\windows\system32\mfc45.dat
2014-01-09 17:35:18 26248 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2014-01-07 17:43:05 -------- d-----w- c:\progra~2\ioloGovernor
2014-01-07 17:42:56 -------- d-----w- c:\users\doc\appdata\roaming\ioloGovernor
2014-01-07 01:46:19 65024 ----a-w- c:\windows\Icg32.dll
2014-01-05 23:54:50 -------- d-----w- c:\windows\Intuit
2014-01-05 23:22:02 -------- d-----w- c:\program files\Akamai
2014-01-05 22:57:14 -------- d-----w- c:\users\doc\appdata\local\Intuit
2014-01-05 22:57:03 -------- d-----w- c:\program files\common files\supportsoft
2014-01-05 22:56:27 3833856 ----a-w- c:\windows\system32\cdintf300.dll
2014-01-05 22:51:12 -------- d-----w- c:\program files\Intuit
2014-01-05 22:51:12 -------- d-----w- c:\program files\common files\Intuit
2014-01-05 22:51:12 -------- d-----w- c:\progra~2\Intuit
2014-01-05 22:48:11 -------- d-----w- c:\progra~2\SQL Anywhere 10
2014-01-05 22:48:10 -------- d-----w- c:\progra~2\COMMON FILES
2013-12-19 15:48:00 119808 ----a-r- c:\users\doc\appdata\roaming\microsoft\installer\{ccf298af-9ce1-4b26-b251-486e98a34789}\icons.exe
.
==================== Find3M ====================
.
2013-12-11 04:22:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 04:22:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-03 16:47:18 41616 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-12-03 16:47:10 23568 ----a-w- c:\windows\system32\smrgdf.exe
2013-12-03 16:01:54 2097984 ----a-w- c:\windows\system32\Incinerator32.dll
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12:54 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 00:35:24 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-10-22 07:19:59 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-17 02:18:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 14:33:06.31 ===============