janec Posted January 15, 2012 Posted January 15, 2012 Hi, I'm having trouble mainly when I'm online with pages not loading or everything going really slowly or everything stopping altogether and freezing up. I've had a look at Windows Task Manager and the ccsvchst.exe is using anything between 40 to 100% CPU. What is this and can I fix it? Many thanks Jane Quote
Starbuck Posted January 15, 2012 Posted January 15, 2012 Hi janec Do you have any Symantec products installed (Norton) ? Quote Member of:UNITE
janec Posted January 15, 2012 Author Posted January 15, 2012 Thanks for your reply. Yes, I have Norton 2012 installed. I have just checked and the ccsvchst.exe isn't using any CPU's now. I'm confused. Quote
Starbuck Posted January 15, 2012 Posted January 15, 2012 ccsvchst.exe is usually associated with Symantec Live Update. So it may well be when the program is searching for updates that this is happening. As you are running XP, do you know how much Ram memory you have installed? Quote Member of:UNITE
janec Posted January 16, 2012 Author Posted January 16, 2012 The sticker on my laptop says: 1024 MB DDR-Ram. Is this what you mean? Sorry to be so clueless. Quote
KenB Posted January 16, 2012 Posted January 16, 2012 If I can but in whist Starbuck is off-line ..... 1024 MB DDR-Ram This is probably correct but to check .... Start > right click on My Computer > Properties This will tell you the Operating System and how much RAM is in the machine. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
janec Posted January 16, 2012 Author Posted January 16, 2012 Thanks for that. I've done as you've suggested and apparently there is 896 MB of RAM. Quote
Starbuck Posted January 16, 2012 Posted January 16, 2012 If I can but in whist Starbuck is off-line .. Feel free Ken, i don't think this is a malware issue. Thanks Jane, I only asked because some old XP systems are still running 246mb or 512mb. How often does the high CPU usage occur? Have you checked to see if Norton is updating when this happens? Quote Member of:UNITE
janec Posted January 17, 2012 Author Posted January 17, 2012 Hi, It usually occurs when my laptop is first started up. It can last for an hour or more and re-occur later but not for so long. Norton was updating once when this happened but half an hour after Norton said it had finished I was still getting the problem. I had a major problem a few months back when all my disk space disappeared which was kindly sorted by yourselves and after that my laptop ran like a dream. It's only the last couple of weeks this has started to happen. Quote
Starbuck Posted January 17, 2012 Posted January 17, 2012 Hi Jane, Let's take a look and see if anything gets thrown up. Download OTL to your desktop. right click on the link and select 'Save Link/Target As'. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. . http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png Now copy the lines in bold below. netsvcs msconfig %SYSTEMDRIVE%\*.* %systemroot%\system32\Spool\prtprocs\w32x86\*.dll %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\system32\*.exe /lockedfiles %systemroot%\System32\config\*.sav %PROGRAMFILES%\* %USERPROFILE%\..|smtmp;true;true;true /FP HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. (the Extras.txt may be minimised to your taskbar) These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. Thanks Quote Member of:UNITE
janec Posted January 17, 2012 Author Posted January 17, 2012 Hi Starbuck, I've run the OTL scan. OTL reports as follows: OTL logfile created on: 17/01/2012 18:12:02 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jane Cureton\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 895.36 Mb Total Physical Memory | 435.70 Mb Available Physical Memory | 48.66% Memory free 2.11 Gb Paging File | 1.56 Gb Available in Paging File | 73.87% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32.50 Gb Total Space | 14.70 Gb Free Space | 45.23% Space Free | Partition Type: NTFS Drive E: | 149.05 Gb Total Space | 145.33 Gb Free Space | 97.50% Space Free | Partition Type: NTFS Computer Name: JCMOSAICS | User Name: Jane Cureton | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Jane Cureton\Desktop\OTL.scr (OldTimer Tools) PRC - c:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe (Symantec Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe (Ralink Technology, Corp.) PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.) PRC - C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\system32\quartz.dll () MOD - C:\WINDOWS\system32\sbe.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120116.035\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120116.035\NAVENG.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111223.001\BHDrvx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120114.005\IDSXpx86.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMEFA.SYS (Symantec Corporation) DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccSetx86.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SRTSPX.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SYMTDI.SYS (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMDS.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\Ironx86.SYS (Symantec Corporation) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (RT2500) -- C:\WINDOWS\system32\drivers\RT2500.sys (Ralink Technology Inc.) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio) DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio) DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (crlscsi) -- C:\WINDOWS\System32\drivers\crlscsi.sys (Corel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/11/05 18:32:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/01/14 17:22:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/06 17:53:21 | 000,000,000 | ---D | M] [2011/07/29 23:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane Cureton\Application Data\Mozilla\Firefox\Profiles\077fyhc8.default\extensions [2011/10/14 21:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2007/02/20 15:15:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll ========== Chrome ========== O1 HOSTS File: ([2004/08/10 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CardReaderReset] C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\Reset.exe () O4 - HKLM..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86" File not found O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe (Ralink Technology, Corp.) O4 - Startup: C:\Documents and Settings\Jane Cureton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O4 - Startup: C:\Documents and Settings\Jane Cureton\Start Menu\Programs\Startup\Met Office Desktop Widget.lnk = C:\Program Files\Met Office Desktop Widget\Met Office Desktop Widget.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/pm/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1320519932125 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://msnuk.oberon-media.com/online2/MSN_INTL_UK/chainz_2/mjolauncher.cab (MJLauncherCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab (ZoneIntro Class) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://sympatico.zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C36A7A38-96C7-4290-A25B-E6073651D588}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Jane Cureton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jane Cureton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/09/16 19:44:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\Shell\AutoRun\command - "" = D:\winshell110.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: SoundMan - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: TkBellExe - hkey= - key= - Reg Error: Value error. File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/01/17 18:01:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jane Cureton\Desktop\OTL.scr [2005/09/16 21:54:14 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll ========== Files - Modified Within 30 Days ========== [2012/01/17 18:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/01/17 18:11:56 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1750105772-1827593217-929180627-1006.job [2012/01/17 18:11:56 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1750105772-1827593217-929180627-1006.job [2012/01/17 18:01:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane Cureton\Desktop\OTL.scr [2012/01/17 16:14:18 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Jane Cureton\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk [2012/01/15 22:13:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/01/14 17:23:26 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Jane Cureton\Start Menu\Programs\Startup\Met Office Desktop Widget.lnk [2012/01/14 17:19:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/01/14 17:19:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/01/14 17:18:59 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys [2012/01/13 16:16:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/01/11 16:46:59 | 000,443,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/11 16:46:58 | 000,072,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/01/10 13:32:16 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Jane Cureton\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel (2).lnk [2012/01/09 16:16:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/01/04 21:41:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/02 18:55:29 | 000,410,031 | ---- | M] () -- C:\Documents and Settings\Jane Cureton\My Documents\donkey 3.jpg [2011/12/27 21:56:58 | 000,002,437 | ---- | M] () -- C:\Documents and Settings\Jane Cureton\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Publisher (2).lnk [2011/12/20 16:47:33 | 000,121,463 | ---- | M] () -- C:\Documents and Settings\Jane Cureton\My Documents\wrens nest in wasps nest.jpg ========== Files Created - No Company Name ========== [2012/01/04 21:41:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/02 18:56:09 | 000,410,031 | ---- | C] () -- C:\Documents and Settings\Jane Cureton\My Documents\donkey 3.jpg [2011/12/28 13:56:36 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1750105772-1827593217-929180627-1006.job [2011/12/20 16:47:33 | 000,121,463 | ---- | C] () -- C:\Documents and Settings\Jane Cureton\My Documents\wrens nest in wasps nest.jpg [2011/11/07 20:59:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/11/13 17:40:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2008/03/11 17:26:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2008/03/11 17:26:45 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2008/03/11 17:26:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2008/03/11 17:26:45 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2008/03/11 17:26:45 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2008/03/11 17:26:45 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2008/03/11 17:26:45 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2008/03/11 17:26:45 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2008/03/11 17:26:45 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2008/03/11 17:26:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2008/03/11 17:26:45 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2008/03/11 17:26:45 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2008/03/11 17:26:45 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2008/03/11 17:26:45 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2008/03/11 17:26:45 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2008/03/11 17:26:45 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2008/03/11 17:26:45 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2008/03/11 17:26:45 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2008/03/11 17:26:45 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2008/03/11 17:19:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED92Euro.ini [2007/06/08 22:30:22 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007/06/08 22:27:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007/01/01 13:54:24 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT [2007/01/01 13:29:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDESC86PEEuro.ini [2006/12/27 14:30:52 | 000,002,887 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006/09/03 15:41:53 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Jane Cureton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/07/18 19:02:41 | 000,000,340 | ---- | C] () -- C:\WINDOWS\QTW.INI [2006/07/18 19:02:37 | 000,000,144 | ---- | C] () -- C:\WINDOWS\INDEO.INI [2006/07/01 10:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI [2006/06/05 16:26:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006/05/20 14:02:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe [2006/05/20 14:01:31 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PMK_setup.ini [2006/05/17 10:47:50 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Jane Cureton\Local Settings\Application Data\fusioncache.dat [2006/05/15 15:47:47 | 000,000,797 | ---- | C] () -- C:\WINDOWS\SGREP32.INI [2006/05/15 15:42:53 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\sg50Ps32.dll [2006/05/15 15:42:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\SGOPopDg.dll [2006/05/15 14:43:44 | 000,000,083 | ---- | C] () -- C:\WINDOWS\REPENG.INI [2006/05/15 14:14:48 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin [2006/05/15 13:41:45 | 000,019,932 | ---- | C] () -- C:\WINDOWS\SAGE.INI [2006/05/14 21:33:06 | 000,001,006 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/05/14 19:41:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jane Cureton\Application Data\wklnhst.dat [2006/03/27 14:39:39 | 000,000,516 | ---- | C] () -- C:\WINDOWS\dialer.ini [2006/02/28 05:07:15 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll [2006/02/28 05:05:53 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2006/02/28 05:05:53 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll [2006/02/28 04:41:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006/02/28 04:41:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006/02/28 04:41:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006/02/28 04:41:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006/02/28 04:41:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006/02/28 04:41:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006/02/27 21:13:19 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT [2006/02/27 20:35:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/27 20:35:06 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/27 20:35:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/02/27 20:34:57 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/02/27 20:34:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/02/27 20:34:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006/02/27 20:33:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/27 20:33:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/27 20:32:28 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/27 20:30:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/27 13:16:47 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe [2006/02/27 13:16:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\installrt2500qa.dll [2006/02/27 13:16:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WRLSetup.exe [2006/02/27 13:05:44 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2006/02/27 12:41:44 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2006/02/27 12:41:44 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006/02/27 12:39:05 | 000,095,617 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2006/01/24 12:37:36 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe [2006/01/24 12:36:20 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll [2006/01/24 12:36:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll [2006/01/24 12:36:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL [2006/01/24 12:36:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL [2006/01/24 12:36:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL [2006/01/24 12:36:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll [2006/01/24 12:35:58 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL [2006/01/24 12:35:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL [2006/01/24 12:35:38 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL [2006/01/24 12:35:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL [2006/01/24 12:35:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL [2006/01/24 12:35:30 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL [2006/01/24 12:35:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL [2006/01/24 12:35:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL [2006/01/24 12:35:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll [2006/01/24 12:35:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll [2006/01/24 12:34:58 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll [2006/01/24 12:34:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL [2006/01/24 12:33:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll [2006/01/13 10:43:50 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll [2005/11/30 12:49:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\REPDES32.EXE [2005/11/30 12:49:30 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL [2005/11/30 12:49:20 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL [2005/09/19 16:54:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/09/16 19:47:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005/09/16 19:40:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005/09/16 19:28:26 | 000,001,452 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/09/16 19:27:13 | 000,443,248 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2005/09/16 19:27:13 | 000,072,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2005/09/16 12:35:23 | 000,005,997 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005/09/16 12:34:32 | 000,313,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005/09/01 23:39:24 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2005/09/01 23:39:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2005/09/01 23:39:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2005/08/05 21:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/07/11 13:33:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll [2004/06/09 10:57:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Install.exe [2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv [2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999/01/23 02:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll [1997/06/14 00:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll ========== LOP Check ========== [2010/09/27 20:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2008/07/11 14:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo [2010/09/05 22:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2006/09/04 12:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap [2006/05/14 21:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT [2007/12/08 18:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/03/11 17:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2009/09/01 21:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom [2008/03/24 17:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\EPSON [2007/06/24 12:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\InterVideo [2011/10/31 12:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\JGoodies [2012/01/17 16:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\MailWasherFree [2006/05/22 18:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\Nikon [2005/09/16 22:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\SampleView [2006/05/14 21:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane Cureton\Application Data\Template ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/07/30 22:30:19 | 000,000,000 | ---- | M] () -- C:\AILog.txt [2005/09/16 19:44:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2006/02/28 06:20:58 | 000,000,032 | ---- | M] () -- C:\BIOSINFO.INI [2006/02/28 06:20:58 | 000,000,091 | ---- | M] () -- C:\BIOSVIEW.INI [2006/05/14 19:06:17 | 000,000,209 | RHS- | M] () -- C:\boot.ini [2005/09/16 19:44:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2012/01/14 17:18:59 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys [2010/09/27 21:22:37 | 000,002,096 | ---- | M] () -- C:\InstallHelper.log [2005/09/16 19:44:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2005/09/19 16:39:15 | 000,000,021 | ---- | M] () -- C:\LOCAL [2005/09/19 16:39:15 | 000,000,021 | ---- | M] () -- C:\MINI [2005/09/16 19:44:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/10 19:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2011/02/01 20:28:38 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/01/14 17:18:57 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2005/09/16 12:33:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2005/09/16 12:33:51 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2005/09/16 12:33:50 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E17801 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10B7A752 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A266313 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65 < End of report > OTL Extras logfile created on: 17/01/2012 18:12:02 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jane Cureton\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 895.36 Mb Total Physical Memory | 435.70 Mb Available Physical Memory | 48.66% Memory free 2.11 Gb Paging File | 1.56 Gb Available in Paging File | 73.87% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32.50 Gb Total Space | 14.70 Gb Free Space | 45.23% Space Free | Partition Type: NTFS Drive E: | 149.05 Gb Total Space | 145.33 Gb Free Space | 97.50% Space Free | Partition Type: NTFS Computer Name: JCMOSAICS | User Name: Jane Cureton | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2 "{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CABB679-3958-44AA-BFFF-4E68A2684255}" = ArcSoft Panorama Maker 3.0 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 29 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2A5C7EED-1A45-C2B6-2E39-E58BD6955E1D}" = Met Office Desktop Widget "{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Roxio Burn Engine "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAA66A0D-E610-40B8-9D51-C1854285773A}" = RT2500 Wireless LAN Card "{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker "{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = MSN Music Mediabar "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D32D4182-DE6C-457E-838C-8D7B9CE332BA}" = InterVideo WinRip "{DC24971E-1946-445D-8A82-CE685433FA7D}" = "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{ECA2B21B-A180-4775-B93F-6E404E36A8CC}" = MSRuntime Libraries "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems AC'97 Modem v2157D "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Corel Applications" = Corel Applications "ERUNT_is1" = ERUNT 1.1j "ESC86 Reference Guide" = ESC86 Reference Guide "ESC86 Software Guide" = ESC86 Software Guide "ESET Online Scanner" = ESET Online Scanner v3 "ie8" = Windows Internet Explorer 8 "InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3 "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold "IrfanView" = IrfanView (remove only) "JDiskReport 1.3.2" = JGoodies JDiskReport 1.3.2 "MailWasher Free_is1" = MailWasher Free 6.5.4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NIS" = Norton Internet Security "OcaHistoryUpd" = OCA Client history tool install "RealPlayer 12.0" = RealPlayer "Sage Instant Accounting 6.0" = Sage Instant Accounting 6.0 "SM1FX_AT" = USB Storage Adapter FX (SM1) "SynTPDeinstKey" = Synaptics Pointing Device Driver "uk.gov.meto.pws.air" = Met Office Desktop Widget "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.93 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04/01/2012 11:08:30 | Computer Name = JCMOSAICS | Source = Application Error | ID = 1000 Description = Faulting application excel.exe, version 9.0.0.2719, faulting module excel.exe, version 9.0.0.2719, fault address 0x002cefbf. Error - 04/01/2012 14:26:39 | Computer Name = JCMOSAICS | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 04/01/2012 15:02:49 | Computer Name = JCMOSAICS | Source = Application Hang | ID = 1002 Description = Hanging application EXCEL.EXE, version 9.0.0.2719, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 04/01/2012 15:03:26 | Computer Name = JCMOSAICS | Source = Application Hang | ID = 1002 Description = Hanging application EXCEL.EXE, version 9.0.0.2719, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/01/2012 11:52:08 | Computer Name = JCMOSAICS | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/01/2012 14:27:57 | Computer Name = JCMOSAICS | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978. Error - 13/01/2012 19:55:02 | Computer Name = JCMOSAICS | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 15/01/2012 12:50:06 | Computer Name = JCMOSAICS | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 15/01/2012 17:59:13 | Computer Name = JCMOSAICS | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978. Error - 16/01/2012 10:23:43 | Computer Name = JCMOSAICS | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978. [ System Events ] Error - 05/01/2012 16:59:48 | Computer Name = JCMOSAICS | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the NIS service. Error - 10/01/2012 16:59:57 | Computer Name = JCMOSAICS | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error - 11/01/2012 12:14:35 | Computer Name = JCMOSAICS | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect. Error - 11/01/2012 12:14:36 | Computer Name = JCMOSAICS | Source = DCOM | ID = 10005 Description = DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8} Error - 11/01/2012 12:16:03 | Computer Name = JCMOSAICS | Source = DCOM | ID = 10010 Description = The server {ABC01078-F197-4B0B-ADBC-CFE684B39C82} did not register with DCOM within the required timeout. Error - 12/01/2012 11:45:09 | Computer Name = JCMOSAICS | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error - 16/01/2012 06:34:34 | Computer Name = JCMOSAICS | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error - 16/01/2012 09:51:38 | Computer Name = JCMOSAICS | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect. Error - 16/01/2012 09:51:38 | Computer Name = JCMOSAICS | Source = DCOM | ID = 10005 Description = DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8} Error - 17/01/2012 09:43:01 | Computer Name = JCMOSAICS | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. < End of report > Many thanks Jane Quote
Starbuck Posted January 17, 2012 Posted January 17, 2012 Hi jane There are no visible signs of malware in the reports. So it looks as though it may well be just down to Norton. I personally would never run Norton on any of my systems, It adds too much to the system and does have a tendency to slow things down. ..... but that's just my opinion. Also it seems they are currently being sued to scareware practises. http://www.cio.co.uk/news/3329589/symantec-sued-over-alleged-scareware-sales-tactics/ Whether you decide to keep Norton or remove it is entirely up to you. After all, it's your system. If you do decide to remove it, I can recommend a few free Anti Virus programs that will do a good job for you. There are a few items in the report we can clean up, while we're at it. Step 1 Double click on OTL to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :otl FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R 2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86" File not found O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" File not found O33 - MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\Shell\AutoRun\command - "" = D:\winshell110.exe @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E17801 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10B7A752 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A266313 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65 :Files ipconfig /flushdns /c :commands [emptytemp] [purity] [RESETHOSTS] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 2 Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:Download the latest version of Java Runtime Environment (JRE) 7 Update 2 and save it to your desktop. Scroll down to where it says "Java SE 7 Update 2". Click the "Download JRE" button to the right. Accept the license agreement. select 'Windows x86'offline from the list. Save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. . Java 6 Update 29 . Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-7u2-windows-i586-p.exe to install the newest version. In your next reply, please submit: OTL fix report Thanks. Quote Member of:UNITE
KenB Posted January 18, 2012 Posted January 18, 2012 If I can put in my 2 cents worth again .... I posted - (then deleted the post as starbuck replied at the same time) - that I would remove Norton ( assuming that you can still re-install if you want to ) and put MS Essentials on your system to try for a while just to see if you get the same problems. This way you can eliminate Norton from the equation. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
janec Posted January 18, 2012 Author Posted January 18, 2012 Hi Starbuck, I have run the OTL thingy and the report follows at the end of the post. I've also removed and re-loaded the latest Java. I think I would like to try something other than Norton. It was Norton (albeit an older version than what I have now) that caused all the problems a few months ago and I'm getting fed up with it. Could you please suggest a free alternative (MS Essentials as KenB suggested or whichever you think would be best) and post a link as I'm never sure that what I've found on Google is the correct thing. Do I remove Norton first or load the free programme first. I'm also running the free version of Mailwasher as the up to date Norton will not filter spam with my version of Microsoft Outlook (for some reason I'm still using the 2000 version). I don't suppose there is a free security programme that will also filter spam? Many thanks for your help Jane OTL report: All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully. File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Stylus C86 Series deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeUpdater deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{692bd095-bd9e-11da-957a-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{692bd095-bd9e-11da-957a-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{692bd095-bd9e-11da-957a-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{692bd095-bd9e-11da-957a-806d6172696f}\ not found. File D:\winshell110.exe not found. ADS C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:69E17801 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:10B7A752 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:7A266313 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65 deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Jane Cureton\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Jane Cureton\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] Quote
Starbuck Posted January 18, 2012 Posted January 18, 2012 Hi jane Could you please suggest a free alternative (MS Essentials as KenB suggested or whichever you think would be best) and post a link as I'm never sure that what I've found on Google is the correct thing. No problem. MS Essentials is a good choice ( i'm running that on this system), there are 3 that I recommend ( i only recommend programs i've used myself) so pick any one of the 3 and you will have a good AV. Avira AntiVir ... see note* ....installation guide Here Avast free MS Security Essentials ... see note** ...installation guide Here Note*: Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation. Note**: Upon installation MS Security Essentials will check that your OS is a legal copy. Only install one AntiVirus program Do I remove Norton first or load the free programme first. Good question. Download the new AV and save it to your desktop. ( but don't install it yet) Go to the Add/Remove and uninstall Norton. (it may be easier to turn it off first, this way it should uninstall easier) Then to make sure all traces of Norton have been removed: Go to: Norton Removal Tool Download it to your 'Desktop'. Then click on the desktop icon to run the removal tool. When complete, install your new AntiVirus program. If you have problems removing Norton.... just run the removal tool ... that'll take care of it. I'm also running the free version of Mailwasher as the up to date Norton will not filter spam with my version of Microsoft Outlook (for some reason I'm still using the 2000 version). I don't suppose there is a free security programme that will also filter spam? There's not really a need to add another program. Outlook 2000 has Spam filters built in, why not use these. This link will explain what to do. http://www.sitedeveloper.ws/tutorials/spam.htm Quote Member of:UNITE
janec Posted January 19, 2012 Author Posted January 19, 2012 Hi Starbuck, I'm now running MS Security Essentials and have removed Norton. WOW! It's like having broadband after using dial up (you're probably too young to remember dial up). Everything is running much faster and I can now have more than one thing running at a time including several different web pages without it stopping altogether. Thanks very much for yours and KenB's help. Very much appreciated. Kind regards Jane Quote
KenB Posted January 19, 2012 Posted January 19, 2012 you're probably too young to remember dial up No he isn't - he was around when the abacus was invented :) Good to hear that your system is running as it should. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
Starbuck Posted January 19, 2012 Posted January 19, 2012 No he isn't - he was around when the abacus was invented and if memory serves... it was you that taught me how to use it. :cool: Glad everything is running great for you Jane. I take it you won't be going back to Norton then? :o We should just clear the tools we've used from your system. Step 1 Start MBAM. Click on the Quarantine tab If there are items in quarantine..... Make sure everything is selected and then click Delete All. Close MBAM. Step 2 Please double-click OTL to run it. You should see a CleanUp! button, press that button, http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png This will cleanup an assortment of tools used during malware removal, plus itself Note: MBAM will not be removed Step 3 Now you should Set a New Restore Point. Setting a new restore point AFTER cleaning your system will help your computer to "roll-back" to a clean working state, if it's ever needed. The easiest and safest way to do this is: Go to Start > Programs > Accessories > System Tools and click "System Restore". Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore. Then go to Start > Run and type: Cleanmgr Click "OK". Select the drive for cleaning then click OK (usually 'C' drive) Click the "More Options" Tab. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one. Glad I was able to help. Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif Quote Member of:UNITE
janec Posted January 19, 2012 Author Posted January 19, 2012 Hi Starbuck, All done. If I'm ever diagnosed with low blood pressure and I need something to raise it, then I may use Norton again. Until then, it's in the bin. I just don't have the time to sit and look at a frozen screen for 10 minutes at a time :mad: What a pile of [insert expletive of choice]! Thanks again for your help. Kind regards Jane Quote
KenB Posted January 20, 2012 Posted January 20, 2012 If I'm ever diagnosed with low blood pressure and I need something to raise it, then I may use Norton again. http://anju66.files.wordpress.com/2011/03/laughing-smiley.gif?w=490 Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
Starbuck Posted January 20, 2012 Posted January 20, 2012 Brilliant reply Jane. :D Quote Member of:UNITE
wellies Posted January 30, 2012 Posted January 30, 2012 Thanks for your reply. Yes, I have Norton 2012 installed. I have just checked and the ccsvchst.exe isn't using any CPU's now. I'm confused. I realise this post is after the event and I'm pleased that your problem is sorted out thanks to the good help received. Nonetheless, it might be interesting to read about this issue in a thread over on the Norton forum (link below). Best to read all posts. Possible reasons are given why high CPU usage will sometimes be high and sometimes not. Norton doesn't always run badly. In my own case, the processor usage for ccsvchst.exe goes up to about 50% when a scan is initiated but quickly drops down to 25% or below once into the scan. CPU usage for the process sits at about 0.05% when no scan is taking place. Perhaps mileages would vary for these figures depending on the particular computer. http://community.norton.com/t5/Norton-Internet-Security-Norton/CCSVCHST-EXE/m-p/589670/highlight/true#M183510 Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here We are all members helping other members.Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Computer: Intel i5 CPU|8GB RAM|Windows 8.1.1 64-bit|Sandboxie|Qihoo 360 Total Security|Firefox|Chrome|150 Mbps cable broadband.
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.