Ray1000 Posted March 16, 2014

Would someone kindly have a look at this log for me in case there's anything that might be causing the HP 550 laptop to run slow and freeze.

Thank you
Ray

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:49:11, on 16/03/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16540)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: AuGen - https://secure.storetec.net/alchemyweb/Components/AuGen.cab
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6514 bytes
seedy21 Posted March 16, 2014

Hi Ray1000

Please read this topic and post the logs it requests.

Thank you.
Starbuck Posted March 16, 2014

Hi Ray,

Unfortunately we don't rely on HijackThis anymore... it's totally outdated and doesn't give us anywhere near the sort of information we need to make an informed decision on your system.
Follow the link that seedy21 gave you and post the reports from the programs.

Thanks
Ray1000 (Author) Posted March 16, 2014

Sorry for the mistake, I'll have a read and get back to you.

Ray
Starbuck Posted March 16, 2014

That's ok Ray.
Just post the reports when you have them.
Ray1000 (Author) Posted March 17, 2014

Thank you for your help ... This laptop belongs to an elderly lady and it only seems to be used for storing photos and the occasional outgoing email ... it does have a lot of incoming advertising emails directed at her husband's business. It seems to have not been used for some time prior to me having a look at it. It had AVG which I changed the other day for Avast. When I originally ran MWB prior to HJT one "Trojan" was found and removed, there was no log on the notepad due to the settings at the time.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.17.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

17/03/2014 09:24:30
mbam-log-2014-03-17 (09-24-30).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 364107
Time elapsed: 1 hour(s), 21 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile created on: 17/03/2014 11:22:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.52 Mb Total Physical Memory | 87.67 Mb Available Physical Memory | 8.64% Memory free
2.24 Gb Paging File | 0.91 Gb Available in Paging File | 40.59% Paging File free
Paging file location(s):
?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.05 Gb Total Space | 88.29 Gb Free Space | 63.04% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 2.42 Gb Free Space | 26.86% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()

========== Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\windows\System32\drivers\aswRvrt.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A239B56E-212C-41DC-B6AB-CDDE74255A52}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmnbie7-en-gb
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enGB466
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={86F4154E-6DDB-45B5-BB21-4FA5B9ECD202}&mid=d2e8c6102bc247d1b64ed16b2293bb33-273c5f6248c1041996e2c3bf0b7caf15e3c461f7&lang=en&ds=AVG&pr=fr&d=2011-10-13 18:19:49&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\4.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/08 16:03:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\4.bin
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/08 16:03:51 | 000,000,000 | ---D | M]

[2010/06/01 14:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions

Hosts file not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: AuGen https://secure.storetec.net/alchemyweb/Components/AuGen.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC8716CA-A8D5-4D90-9FF5-78468A696B3C}: DhcpNameServer = 192.168.1.1 0.0.0.0
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{707d501e-dd46-11e0-85c4-0022647752c0}\Shell - "" = AutoRun
O33 - MountPoints2\{707d501e-dd46-11e0-85c4-0022647752c0}\Shell\AutoRun\command - "" = H:\SafeStick.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/03/17 08:56:20 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2014/03/17 08:56:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2014/03/17 08:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/03/16 21:09:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/03/16 21:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/03/15 20:12:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\hpqLog
[2014/03/15 15:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSConfig CleanUp
[2014/03/15 15:18:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVAST Software
[2014/03/15 15:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/03/15 15:15:17 | 000,057,672 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2014/03/15 15:15:16 | 000,775,952 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2014/03/15 15:15:16 | 000,410,784 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2014/03/15 15:15:16 | 000,067,824 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2014/03/15 15:15:16 | 000,054,832 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2014/03/15 15:15:14 | 000,270,240 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2014/03/15 15:15:11 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2014/03/15 15:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/03/15 15:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/03/15 14:43:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2014/03/15 14:08:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Live
[2014/03/15 14:07:53 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webservices.dll
[2014/03/15 14:06:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014/03/15 14:06:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2014/03/15 14:06:36 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2014/03/15 14:06:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2014/03/15 14:06:36 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2014/03/15 14:06:34 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2014/03/15 14:06:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2014/03/15 14:06:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2014/03/15 13:46:56 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2014/03/15 13:46:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2014/03/15 13:46:13 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2014/03/15 13:46:10 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wer.dll
[2014/03/15 11:47:22 | 000,000,000 | ---D | C] -- C:\eac94ed3bb96ab4a8254f1
[2014/03/15 11:42:47 | 000,000,000 | ---D | C] -- C:\windows\pss
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/17 11:21:23 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/17 11:21:23 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/17 11:18:11 | 000,000,506 | ---- | M] () -- C:\Users\User\Desktop\OTL - Shortcut.lnk
[2014/03/17 10:55:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/03/17 09:24:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2014/03/17 09:21:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/03/17 09:21:11 | 1064,624,128 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/17 08:56:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/16 21:38:45 | 000,652,188 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014/03/16 21:38:45 | 000,126,956 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2014/03/15 21:23:05 | 000,000,915 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Mail.lnk
[2014/03/15 20:26:41 | 000,420,072 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2014/03/15 15:15:12 | 000,775,952 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2014/03/15 15:15:12 | 000,410,784 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2014/03/15 15:15:12 | 000,180,248 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
[2014/03/15 15:15:12 | 000,067,824 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2014/03/15 15:15:12 | 000,057,672 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2014/03/15 15:15:12 | 000,049,944 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
[2014/03/15 15:15:11 | 000,270,240 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2014/03/15 15:15:11 | 000,054,832 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2014/03/15 15:15:11 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2014/03/15 15:05:57 | 000,001,950 | ---- | M] () -- C:\Users\User\Desktop\Pictures.lnk
[2014/03/15 15:00:02 | 000,000,943 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/15 12:00:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2014/03/15 12:00:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2014/02/23 05:47:19 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2014/02/23 05:39:28 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2014/02/23 05:38:15 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2014/02/23 05:38:08 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2014/02/23 05:38:08 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2014/02/23 05:37:12 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2014/02/23 05:36:22 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2014/02/23 05:35:49 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/17 11:18:11 | 000,000,506 | ---- | C] () -- C:\Users\User\Desktop\OTL - Shortcut.lnk
[2014/03/17 08:56:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/15 21:23:05 | 000,000,915 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Mail.lnk
[2014/03/15 15:15:17 | 000,180,248 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2014/03/15 15:15:16 | 000,049,944 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2014/03/15 15:05:57 | 000,001,950 | ---- | C] () -- C:\Users\User\Desktop\Pictures.lnk
[2010/10/30 14:51:58 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009/09/12 16:22:37 | 000,005,632 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/09/20 14:56:50 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\.#
[2014/03/15 15:18:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVAST Software
[2013/01/29 07:37:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG January 2013 Campaign
[2011/10/13 16:55:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft
[2014/03/15 14:43:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software

========== Purity Check ==========


========== Custom Scans ==========


========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9160827AS
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 140.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 9.00GB
Starting Offset: 150376112128
Hidden sectors: 0

< %SYSTEMDRIVE%\*.* >
[2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2014/03/17 09:21:11 | 1064,624,128 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/17 09:21:09 | 1378,377,728 | -HS- | M] () -- C:\pagefile.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/09/13 23:04:54 | 000,252,416 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\hpzpp073.dll
[2008/10/28 11:49:30 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 03:31:11 | 015,716,352 | ---- | M] () -- C:\windows\System32\config\COMPONENTS.SAV
[2008/01/21 03:31:01 | 000,102,400 | ---- | M] () -- C:\windows\System32\config\DEFAULT.SAV
[2008/01/21 03:31:12 | 000,020,480 | ---- | M] () -- C:\windows\System32\config\SECURITY.SAV
[2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\windows\System32\config\SOFTWARE.SAV
[2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\* >
[2008/01/21 02:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/08 07:13:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/08 07:13:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/08 07:13:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/02/23 06:00:18 | 000,757,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014/02/23 06:00:18 | 000,757,488 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/08 07:13:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/08 07:13:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/08 07:13:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/02/23 06:00:18 | 000,757,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014/02/23 06:00:18 | 000,757,488 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 2693 bytes -> C:\Users\User\Documents\February.eml:OECustomProperty

< End of report >

OTL Extras logfile created on: 17/03/2014 11:22:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
Windows Vista Home Basic Edition Service Pack 2
(Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1014.52 Mb Total Physical Memory | 87.67 Mb Available Physical Memory | 8.64% Memory free 2.24 Gb Paging File | 0.91 Gb Available in Paging File | 40.59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 140.05 Gb Total Space | 88.29 Gb Free Space | 63.04% Space Free | Partition Type: NTFS Drive D: | 9.00 Gb Total Space | 2.42 Gb Free Space | 26.86% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A0C680-A668-4328-B259-C2AB428E3AD2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56FE5F79-E66C-4E6B-8E51-94FEA4373B04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090DAFE8-80CE-452D-B164-33A76897906F}" = protocol=17 | dir=in | app=c:\program files\bt business broadband desktop help\btbb\bthelpnotifier.exe |
"{16227077-0F5B-434A-BD02-0FA147178B5E}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe |
"{1F9A624B-55F8-4A99-A782-F0D872AC6798}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqsudi.exe |
"{27ED5618-1E53-460C-906C-ACF04E009812}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{3EA42EE8-BC52-4AD0-95F1-4BA4ACCB5B2E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{4288323D-680B-49E6-AFB6-E0BFD9DDB70A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4A81665D-737D-4238-974A-05A4DBBF90AB}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgpc01.exe |
"{56F54F03-4032-4718-93D0-E2E7B3E9DB1E}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpfccopy.exe |
"{5E141722-81B2-4C1A-8D60-A439D1299767}" = protocol=6 | dir=in | app=c:\program files\bt business broadband desktop help\btbb\bthelpnotifier.exe |
"{62971252-5212-4DBE-A773-495F533A3B45}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe |
"{69C7AB30-24BC-487C-A987-976D0CBF8FB8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe |
"{6BD90895-1994-4B2C-B59A-E02A91DEF3DA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{72485D4C-8A5B-45BE-95C2-559E1CDDEDAA}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe |
"{7AFB4D68-4749-44C8-99D7-9AAE63B3E552}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{7CF8CB71-9928-4D79-B708-E61CF1F97DA5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{7E66B4E5-2B97-4B7E-AB64-3A863FF7382D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpoews01.exe |
"{8E0B2D2E-7F75-48C2-9CBD-76C3024732A3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{A2D6D68D-4F8D-4706-A782-1AC3E6128062}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B11C7A9C-E5F6-4A75-9120-3A8CF4212881}" = protocol=6 | dir=in | app=c:\program files\bt business broadband desktop help\btbb\bthelpbrowser.exe |
"{B490CDDB-46C8-43EE-919F-7BFA771AA700}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe |
"{B493E4C5-1154-40C2-95A0-DF6FC0C30766}" = protocol=17 | dir=in | app=c:\program files\bt business broadband desktop help\btbb\bthelpbrowser.exe |
"{B9E75FEF-5FC5-4FAE-BE16-0630EBD2117A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpsapp.exe |
"{CEF26917-B4F1-4D90-A28B-116DBE7F16AE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{DCD21EB1-9211-49E8-9490-8E5FEA329C6B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{EC6ECA86-2676-447E-BB5C-088996F4874A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
"{F4BDA4C9-1A4B-4C55-B1BC-CD17414D61B6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{F857F241-74D9-43A5-B589-EB3750C9FD8A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpse.exe |
"TCP Query User{2E738627-35BB-4203-80C4-4AF0752621EA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A5A413C8-941C-4734-A705-F464E7973BB8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{0812B697-3B0A-4392-B975-E415FC16C71E}" = HP Photosmart C5300 All-In-One Driver Software 12.0 Rel .4
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3AA1CB3C-F146-4340-AF8C-E97845A22629}" = C5300
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4217C49A-545A-499E-9428-6D61B004A671}" = HP User Guides 0113
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83C4CC25-EEFA-4E9F-A428-E1764266442E}" = PS_AIO_04_C5300_Software_Min
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{93D44E47-EBE0-43FC-A427-8AC3CD026536}" = Vista Default Settings
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BC1DC565-8B34-4B29-9DB2-BF281C2FB56E}" = ESU for Microsoft Vista SP1
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avast" = avast! Free Antivirus
"BTBusinessHub" = BTBusinessHub
"GoToAssist" = GoToAssist Corporate
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16/03/2014 13:00:22 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2014 15:02:48 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2014 15:14:16 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2014 15:29:19 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2014 16:31:39 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2014 16:53:48 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2014 17:17:58 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2014 17:49:02 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 17/03/2014 04:49:53 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 17/03/2014 05:22:52 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15/03/2014 09:27:51 | Computer Name = User-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.66 for the Network Card with network address 002100953395 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error - 15/03/2014 10:19:48 | Computer Name = User-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 15/03/2014 11:39:52 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:36:01 on 15/03/2014 was unexpected.

Error - 16/03/2014 10:00:06 | Computer Name = User-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.9 for the Network Card with network address 002100953395 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error - 16/03/2014 12:58:44 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:48:52 on 16/03/2014 was unexpected.

Error - 16/03/2014 15:12:39 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:09:04 on 16/03/2014 was unexpected.

Error - 16/03/2014 15:27:43 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:26:32 on 16/03/2014 was unexpected.

Error - 16/03/2014 17:16:19 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:14:04 on 16/03/2014 was unexpected.

Error - 17/03/2014 04:49:54 | Computer Name = User-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.7 for the Network Card with network address 002100953395 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error - 17/03/2014 05:21:16 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 08:58:09 on 17/03/2014 was unexpected.

< End of report >
Ray1000 (Author) Posted March 17, 2014

I notice Firefox gets a mention ... there is only IE being used on the machine.

Ray
Starbuck Posted March 17, 2014

Hi Ray,

> I notice Firefox gets a mention ... there is only IE being used on the machine.

Firefox is not showing in the uninstall list either. I suspect that it was installed at one point and then removed. When Firefox is removed it sometimes leaves a folder behind with user preferences. If you navigate to c:\program files .... I'm sure you will find a folder there named Mozilla Firefox.

Step 1

Double click on OTL to run it. Vista/Windows 7/8 users right-click and select Run As Administrator.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)

:Otl
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={8...r&d=2011-10-13 18:19:49&v=10.0.0.7&sap=dsp&q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\4.bin\NPMyWebS.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\4.bin
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O16 - DPF: AuGen https://secure.storetec.net/alchemyw...ents/AuGen.cab (Reg Error: Key error.)
O33 - MountPoints2\{707d501e-dd46-11e0-85c4-0022647752c0}\Shell - "" = AutoRun
O33 - MountPoints2\{707d501e-dd46-11e0-85c4-0022647752c0}\Shell\AutoRun\command - "" = H:\SafeStick.exe
[2011/09/20 14:56:50 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\.#
[2013/01/29 07:37:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG January 2013 Campaign
[2011/10/13 16:55:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft
:Files
C:\Program Files\MyWebSearch
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.
Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) 7 Update 51 and save it to your desktop.
Scroll down to where it says "Java SE 7 Update 51".
Click the "Download JRE" button.
Accept the license agreement.
Select 'Windows x86' offline from the list.
Save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Java SE Runtime Environment 6 Update 1
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the downloaded icon to install the newest version.

In your next reply, please submit:
Otl fix report
Also give me an update on how the system is running.

Thanks.

Member of: UNITE
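The Step 2 check above (find every JRE/J2SE entry in Add/Remove Programs and compare it against 7 Update 51) can be done from the OTL log itself. The script below is an added example for this thread, not OTL's code and not the helper's own tooling: it parses the `"{key}" = Display Name` lines OTL prints under its Uninstall List, picks out Java Runtime entries and flags any older than the 7 Update 51 baseline Starbuck names. The first two sample entries are taken from the log above; the `CONSTRUCTED-...` keys, the `Java 7 Update 45`, `J2SE Runtime Environment 5.0 Update 6` and `Java Auto Updater` names, and the display-name patterns beyond the one in this log are assumptions about common Add/Remove Programs naming, not values from the thread.

```python
"""Flag outdated Java Runtime entries in an OTL-style uninstall list.

Added example for this thread (not OTL's code and not the helper's tooling).
It reads lines in the format OTL prints under "HKEY_LOCAL_MACHINE Uninstall List",
    "{GUID-or-key}" = Display Name
and compares any JRE / J2SE entry against the baseline the thread names,
JRE 7 Update 51. Display-name patterns other than the one in the log are
assumed from common Add/Remove Programs naming; keys marked CONSTRUCTED are
placeholders, not real product codes.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Baseline named in Step 2 of the thread: (major, update) of the current JRE.
CURRENT_JRE: Tuple[int, int] = (7, 51)

# OTL uninstall-list entry: "key" = display name (display name may be empty).
UNINSTALL_ENTRY = re.compile(r'^\s*"(?P<key>[^"]+)"\s*=\s*(?P<name>.*?)\s*$')

# JRE / J2SE display names, e.g.
#   Java SE Runtime Environment 6 Update 1   (from the log above)
#   Java(TM) 6 Update 31 / Java 7 Update 45  (assumed common naming)
#   J2SE Runtime Environment 5.0 Update 6    (assumed common naming)
# JDK and JavaFX entries use a different layout and are deliberately not matched.
JRE_NAME = re.compile(
    r'^(?:Java(?:\(TM\))?(?:\s+SE)?(?:\s+Runtime\s+Environment)?'
    r'|J2SE\s+Runtime\s+Environment)'
    r'\s+(?P<major>\d+)(?:\.\d+)?'
    r'(?:\s+Update\s+(?P<update>\d+))?\b',
    re.IGNORECASE,
)


def parse_uninstall_entries(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (key, display_name) for every line that is an uninstall entry.

    Section headers such as [HKEY_LOCAL_MACHINE\\...\\Uninstall] and blank lines
    are skipped; entries with an empty display name are kept, as OTL prints them.
    """
    entries: List[Tuple[str, str]] = []
    for line in lines:
        m = UNINSTALL_ENTRY.match(line)
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def parse_jre_version(display_name: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a JRE/J2SE display name, else None."""
    m = JRE_NAME.match(display_name)
    if not m:
        return None
    update = int(m.group("update")) if m.group("update") else 0
    return (int(m.group("major")), update)


def find_outdated_jre(
    lines: Iterable[str], current: Tuple[int, int] = CURRENT_JRE
) -> List[Tuple[str, str, Tuple[int, int]]]:
    """Return (key, name, version) for each JRE entry older than `current`.

    Tuple comparison orders (5, 6) < (6, 1) < (7, 45) < (7, 51), so an entry is
    flagged when its major is lower, or the major matches and the update is lower.
    """
    outdated = []
    for key, name in parse_uninstall_entries(lines):
        version = parse_jre_version(name)
        if version is not None and version < current:
            outdated.append((key, name, version))
    return outdated


# Constructed sample in OTL's format. The first two entries are copied from the
# log in this thread; the CONSTRUCTED-... keys are placeholders, not product codes.
SAMPLE_UNINSTALL_LIST = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{CONSTRUCTED-0001}" = Java 7 Update 45
"{CONSTRUCTED-0002}" = Java 7 Update 51
"{CONSTRUCTED-0003}" = J2SE Runtime Environment 5.0 Update 6
"{CONSTRUCTED-0004}" = Java Auto Updater
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"""

if __name__ == "__main__":
    for key, name, (major, update) in find_outdated_jre(SAMPLE_UNINSTALL_LIST.splitlines()):
        print(f"OUTDATED  {name}  (Java {major} Update {update})  key={key}")
```

Run against a saved OTL Extras log, the same three functions give the list of entries that Step 2 asks the user to remove by hand; the `Java 7 Update 51` line is left alone and `Java Auto Updater` is ignored because it carries no version.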
Ray1000 (Author) Posted March 17, 2014

Thank you Pete,

Just to quantify how bad the laptop is, I've only got as far as highlighting the text to copy the lines in the code box and the screen has frozen ... I'll start again and let you have the report shortly.

Strangely there is no Mozilla Folder in C: > Program Files! In Search it only comes up with the OTL folder.

Ray
Ray1000 (Author) Posted March 17, 2014

This Otl fix report is being sent from the HP laptop ... an achievement in itself ... I'll let you know about the second part, Java Update, shortly.

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service MRESP50a64 stopped successfully!
Service MRESP50a64 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found not found.
Service MRESP50 stopped successfully!
Service MRESP50 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found not found.
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found not found.
Service MREMPR5 stopped successfully!
Service MREMPR5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found not found.
Service MREMP50a64 stopped successfully!
Service MREMP50a64 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found not found.
Service MREMP50 stopped successfully!
Service MREMP50 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
File C:\Program Files\MyWebSearch\bar\4.bin not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Starting removal of ActiveX control AuGen Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\AuGen\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\AuGen\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\AuGen\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{707d501e-dd46-11e0-85c4-0022647752c0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707d501e-dd46-11e0-85c4-0022647752c0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{707d501e-dd46-11e0-85c4-0022647752c0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707d501e-dd46-11e0-85c4-0022647752c0}\ not found. File H:\SafeStick.exe not found. C:\Users\User\AppData\Roaming\.# folder moved successfully. C:\Users\User\AppData\Roaming\AVG January 2013 Campaign folder moved successfully. C:\Users\User\AppData\Roaming\Sammsoft folder moved successfully. ========== FILES ========== File\Folder C:\Program Files\MyWebSearch not found. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\User\Downloads\cmd.bat deleted successfully. C:\Users\User\Downloads\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: User ->Temp folder emptied: 57021374 bytes ->Temporary Internet Files folder emptied: 7860419 bytes ->Java cache emptied: 473730 bytes ->Flash cache emptied: 3803595 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 286472468 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 19469456 bytes Total Files Cleaned = 358.00 mb HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 03172014_194328 Files\Folders moved on Reboot... C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Quote
KenB Posted March 17, 2014

Just poking my nose in here ..... Can you copy the logs in Safe Mode any better? Constantly tap F8 after switching on - select Safe Mode from the list of options.
Ray1000 (Author) Posted March 17, 2014

Thank you Ken, it only happened the once. I restarted the machine and managed to copy it the second time, and of course since the OTL fix it hasn't frozen ... I'll just finish the Java update and will be back shortly.

Ray
Ray1000 (Author) Posted March 17, 2014

Thank you very much for your help Pete, I have the new Java installed and the old one removed. I could have easily overwhelmed the machine before by doing too many things at once, the screen would have frozen, or the mouse would have stopped responding, but now it seems to be running perfectly.

On the laptop there are 47 items in the "Uninstall or change a program" list compared to the 11 on my desktop (both on Vista), which raises two questions ... would the laptop be further improved by removing some of them? ... and is my machine short of something that would improve its performance? Java isn't installed for instance.

My Desktop http://i272.photobucket.com/albums/jj161/JRD81/OnDesktop.jpg

Thank you again, Ray
Starbuck Posted March 17, 2014 (edited)

Hi Ray,

"On the laptop there are 47 items in "Uninstall or change a program" list compared to the 11 on my desktop (Both on Vista) which raises two questions ... would the laptop be further improved by removing some of them? ... and is my machine short of something that would improve it's performance? Java isn't installed for instance."

Ok, let's take this one step at a time....

Sometimes the manufacturer adds loads of 'bloatware' to a system. This machine looks typical of that. They basically add loads of stuff that you don't really need. Looking at the screenshot of your Desktop.... this doesn't seem to be the case there.

Would the laptop be further improved without some of this.... probably not. You only have the one startup program (which is good):

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

So none of the extra programs are trying to run when the system is started. You also have quite a bit of free space on the hard drive:

Drive C: | 140.05 Gb Total Space | 88.29 Gb Free Space | 63.04% Space Free | Partition Type: NTFS

So leaving them installed isn't using a lot of space.

Your Desktop uninstall list looks very similar to mine.... nice and short. :) If you don't need it.... don't install it.

Java is optional really. A lot of people don't install it ..... and some will probably never need it anyway. If a particular site did need it, it would tell you. The only problem is..... if it's installed it must be kept up to date as it's a favourite with the bad guys (they will always try to find a loophole into your system through it). You could always uninstall it from the laptop and see how it goes. Like I say, you may never need it anyway.

This orphan entry we removed:

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

was created by an 'unknown' piece of malware. As we don't know what caused it, I really think we should look a bit deeper..... just in case anything is trying to hide. The hosts file was missing..... we don't know if it was malware that removed it or it got accidentally removed. Either way, we have reset it, but another reason to look a bit deeper.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

This is an example, you may rename ComboFix to anything you want.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then:

Double click on Combo-Fix.exe & follow the prompts. Vista/Win7 users should right click on the icon and select Run as Administrator.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If running Vista/Win7, you will not see the recovery console screens as they are Win XP related.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks

Edited March 17, 2014 by Starbuck
Member of: UNITE
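The checks Starbuck walks through above (which programs start with Windows, whether a browser add-on entry still points at a registered component, whether the hosts file is present, and how much disk is free) can be repeated on any Windows machine without a third-party tool. The script below is an added example written for this thread; it is not part of OTL, ComboFix or the forum's instructions. It assumes an elevated PowerShell prompt (the Speccy snapshot later in the thread shows PowerShell 2.0 on this laptop, and nothing newer is needed), only reads the registry and file system, and also reports the UAC setting, since the later logs show UAC disabled on this machine.

```powershell
# Added example (not from the thread or its tools): read-only audit of the
# items discussed above. Assumes an elevated PowerShell 2.0+ session.

# 1. Startup programs: every value under the classic Run/RunOnce keys.
function Get-RunEntries {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $name
                Command = $item.GetValue($name)
            }
        }
    }
}

# 2. Orphan browser add-ons: a toolbar/BHO GUID with no HKCR\CLSID registration
#    (like the {E7DF6BFF-...} entry OTL removed) refers to a component that no
#    longer exists, typically a leftover from software that was removed.
function Get-OrphanIeAddons {
    $addonKeys = @(
        'HKLM:\Software\Microsoft\Internet Explorer\Toolbar',
        'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $addonKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        # Toolbar keys store the GUID as a value name; the BHO key stores it as a subkey.
        $guids = @($item.GetValueNames()) + @($item.GetSubKeyNames())
        foreach ($guid in $guids) {
            if ($guid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            $clsid = "Registry::HKEY_CLASSES_ROOT\CLSID\$guid"
            if (-not (Test-Path $clsid)) {
                New-Object PSObject -Property @{ Key = $key; Guid = $guid; Status = 'orphan (no CLSID)' }
            }
        }
    }
}

# 3. hosts file: missing is unusual; extra mappings deserve a look because they
#    silently redirect name lookups before DNS is consulted.
function Test-HostsFile {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (-not (Test-Path $hosts)) { return 'hosts file MISSING' }
    $extra = @(Get-Content $hosts | Where-Object {
        $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '\s(localhost|broadcasthost)\b'
    })
    if ($extra.Count -gt 0) { return "hosts file present; $($extra.Count) non-default mapping(s)" }
    return 'hosts file present; default content'
}

# 4. UAC: EnableLUA=0 (as the ComboFix log in this thread shows) means every
#    process of an administrator account already runs with full rights.
function Get-UacState {
    $pol = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    if ($null -eq $pol.EnableLUA -or $pol.EnableLUA -eq 1) { 'UAC enabled' }
    else { 'UAC DISABLED (EnableLUA=0)' }
}

# 5. Free space on fixed disks (DriveType 3 = local disk).
function Get-FreeSpace {
    Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object {
        '{0} {1:N1} GB free of {2:N1} GB' -f $_.DeviceID, ($_.FreeSpace / 1GB), ($_.Size / 1GB)
    }
}

'--- Startup (Run) entries ---'; Get-RunEntries | Format-Table Name, Command -AutoSize
'--- Orphan IE add-ons ---';     Get-OrphanIeAddons | Format-Table Guid, Key -AutoSize
'--- hosts file ---';            Test-HostsFile
'--- UAC ---';                   Get-UacState
'--- Disk ---';                  Get-FreeSpace
```

An orphan reported by Get-OrphanIeAddons is not by itself evidence of malware, only of an entry whose component is gone; as Starbuck says, the useful question is what created it, which is why the thread moves on to a deeper scan rather than stopping at the removal.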
Ray1000 (Author) Posted March 17, 2014

Thanks Pete, I'll have a look at that in the morning. Needless to say there were about twenty items in startup on the laptop at the beginning; I always keep mine down to the one antivirus entry.

Ray
Ray1000 (Author) Posted March 18, 2014

Hopefully I've done this properly ....

ComboFix 14-03-16.01 - User 18/03/2014 12:18:52.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1015.299 [GMT 0:00]
Running from: c:\users\User\Desktop\ComboFix1.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-02-18 to 2014-03-18 )))))))))))))))))))))))))))))))
.
.
2014-03-18 12:31 . 2014-03-18 12:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-17 20:20 . 2014-03-17 20:20 -------- d-----w- c:\program files\Common Files\Java
2014-03-17 20:19 . 2014-03-17 20:18 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-17 20:18 . 2014-03-17 20:18 -------- d-----w- c:\program files\Java
2014-03-17 19:43 . 2014-03-17 19:43 -------- d-----w- C:\_OTL
2014-03-16 21:09 . 2014-03-16 21:09 -------- d-----w- c:\program files\Trend Micro
2014-03-16 19:01 . 2014-03-16 19:28 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6B7429E-9E11-4FC5-8391-2F81E0DBDC8F}\offreg.dll
2014-03-15 20:12 . 2014-03-15 20:12 -------- d-----w- c:\users\User\AppData\Roaming\hpqLog
2014-03-15 15:30 . 2014-03-15 15:30 -------- d-----w- c:\program files\MSConfig CleanUp
2014-03-15 15:18 . 2014-03-15 15:18 -------- d-----w- c:\users\User\AppData\Roaming\AVAST Software
2014-03-15 15:15 . 2014-03-15 15:15 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-03-15 15:15 . 2014-03-15 15:15 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-15 15:15 . 2014-03-15 15:15 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-15 15:15 . 2014-03-15 15:15 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-15 15:15 . 2014-03-15 15:15 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-15 15:15 . 2014-03-15 15:15 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-15 15:15 . 2014-03-15 15:15 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-03-15 15:15 . 2014-03-15 15:15 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-15 15:15 . 2014-03-15 15:15 43152 ----a-w- c:\windows\avastSS.scr
2014-03-15 15:13 . 2014-03-15 15:13 -------- d-----w- c:\program files\AVAST Software
2014-03-15 15:11 . 2014-03-15 15:11 -------- d-----w- c:\programdata\AVAST Software
2014-03-15 14:43 . 2014-03-15 14:43 -------- d-----w- c:\users\User\AppData\Roaming\TuneUp Software
2014-03-15 14:08 . 2014-03-15 14:08 -------- d-----w- c:\users\User\AppData\Local\Windows Live
2014-03-15 14:07 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2014-03-15 13:46 . 2014-02-03 10:37 505344 ----a-w- c:\windows\system32\qedit.dll
2014-03-15 13:46 . 2013-11-13 00:30 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-15 13:46 . 2014-02-07 10:38 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-03-15 13:46 . 2014-01-30 07:46 876032 ----a-w- c:\windows\system32\wer.dll
2014-03-15 11:47 . 2014-03-15 11:54 -------- d-----w- C:\eac94ed3bb96ab4a8254f1
2014-02-17 11:01 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-15 12:00 . 2012-12-05 13:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-15 12:00 . 2012-01-13 21:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-15 15:15 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-15 3767096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 16:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-11-24 12:43 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-05 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-18 12:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-03-18 12:34:41
ComboFix-quarantined-files.txt 2014-03-18 12:34
.
Pre-Run: 93,622,816,768 bytes free
Post-Run: 93,787,295,744 bytes free
.
- - End Of File - - 47C01BB6285C71BDE19C5E6C4A13CCFE 5C616939100B85E558DA92B899A0FC36
Starbuck Posted March 18, 2014

Hi Ray,

Any improvement after running Combofix?
Ray1000 (Author) Posted March 18, 2014

Hi Pete, I think the improvement in performance following your initial work made such a difference that anything extra from Combofix isn't so noticeable.

***Just before answering you - on my desktop - I turned the laptop on, flicked through 3 or 4 web pages including Google maps in satellite mode and made sure all was well, then went into the "Computer" screen to have a look at the OTL folder in C: with a view to asking if it wanted removing or leaving ... a few minutes after, I noticed the mouse pointer on the laptop had disappeared and the screen had frozen. :( I'll turn it off and restart it and see if it does it again ...

Ray
Starbuck Posted March 18, 2014

Hi Ray,

Everything we use will be removed when we are sure that the system is clean (even the reports).

How did the system run after the reboot?
Ray1000 (Author) Posted March 18, 2014

Restarted, connected to the Internet, flicked through several pages including satellite maps zoomed in as quick as you would expect from 1GB of memory ... let it stand on the "My Computer" page for a while ... OK.

Closed everything down and started Windows Task Manager on both machines ... both CPU usage fluctuating between 0 & 2%, but the laptop Physical Memory Usage is 665 MB out of a total of 1000MB and my desktop is using 580 out of a possible 2000.

Ray
Ray1000 (Author) Posted March 18, 2014

The laptop has continued to run for 30 minutes on the Task Manager Performance screen without locking up.
Ray1000 (Author) Posted March 19, 2014

Continued to run normally this morning for an hour with several web pages open.

Ray
Ray1000 (Author) Posted March 19, 2014

Ran a full-length film on YouTube for about 40 mins while several other pages were open in the background and it worked perfectly, then later this afternoon it froze while doing nothing.

Ray
Starbuck Posted March 19, 2014

Hi Ray

This sounds more like a hardware/software fault, or possibly an overheating problem. It doesn't seem to be malware related.

Let's try a different type of scan:

Download Speccy and save it to your desktop.
Double click the downloaded icon to run the installer. Vista and Win7 users right click and select 'run as Administrator'.
Follow the onscreen prompts.
Make sure that 'Run Speccy' is ticked at the end and click Finish.
Your system will now be analyzed and the information will appear in the Speccy window once complete.
Please post a snapshot of your PC. In the Menu bar (at the top left) click File >>> Publish Snapshot.
Click Yes >>> Copy to Clipboard.
Please paste this in your next reply.

Thanks
Ray1000 (Author) Posted March 19, 2014

Thank you Pete, I've condensed the spacing in Word to save on scrolling ... I ran the scan twice to see if the temperature changed after it had run for a while ... they were 46 °C, 43 °C, 32 °C.

Operating System
Windows Vista Home Basic 32-bit SP2
CPU
Intel Celeron M 550 @ 2.00GHz: 46 °C
Conroe-L 65nm Technology
RAM
1.00GB Single-Channel DDR2 @ 266MHz (4-4-4-12)
Motherboard
Hewlett-Packard 3618 (U10): 42 °C
Graphics
LP154WX4-TLCB (1280x800@60Hz)
Intel Mobile Intel 965 Express Chipset Family (HP)
Intel Mobile Intel 965 Express Chipset Family (HP)
Storage
149GB Seagate ST9160827AS (SATA): 37 °C
Optical Drives
Optiarc DVD RW AD-7581A ATA Device
Audio
SoundMAX Integrated Digital HD Audio

Windows Vista Home Basic 32-bit SP2
Computer type: Notebook
Installation Date: 08/09/2009 21:48:36
Windows Security Center
User Account Control (UAC): Disabled
Firewall: Enabled
Windows Update
AutoUpdate: Not configured
Windows Defender: Enabled
Antivirus: Disabled
Company Name: AVAST Software 9.0.2013
Virus Signature Database: Up to date
.NET Frameworks installed
v4.0 Client
v3.5 SP1
v3.0 SP2
v2.0 SP2
v1.1 SP1
Internet Explorer
Version: 9.0.8112.16421
PowerShell
Version: 2.0
Environment Variables
USERPROFILE: C:\Users\User
SystemRoot: C:\windows
User Variables
TEMP: C:\Users\User\AppData\Local\Temp
TMP: C:\Users\User\AppData\Local\Temp
Machine Variables
ComSpec: C:\windows\system32\cmd.exe
DFSTRACINGON: FALSE
EMC_AUTOPLAY: c:\Program Files\Common Files\Roxio Shared\
FP_NO_HOST_CHECK: NO
NUMBER_OF_PROCESSORS: 1
Online Services
OS: Windows_NT
Path: C:\windows\system32 C:\windows C:\windows\system32\wbem c:\Program Files\Common Files\Roxio Shared\DLLShared c:\Program Files\Common Files\Roxio Shared\10.0\DLLShared C:\windows\System32\WindowsPowerShell\v1.0
PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Platform: BNB
PROCESSOR_ARCHITECTURE: x86
PROCESSOR_IDENTIFIER: x86 Family 6 Model 22 Stepping 1, GenuineIntel
PROCESSOR_LEVEL: 6
PROCESSOR_REVISION: 1601
PSModulePath: C:\windows\system32\WindowsPowerShell\v1.0\Modules\
RoxioCentral: c:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
TEMP: C:\windows\TEMP
TMP: C:\windows\TEMP
TRACE_FORMAT_SEARCH_PATH: \\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
USERNAME: SYSTEM
windir: C:\windows
Battery
AC Line: Online
Battery Charge %: 56 %
Battery State: Battery Charge %
Remaining Battery Time: Unknown
Power Profile
Active power scheme: High performance
Hibernation: Enabled
Turn Off Monitor after: (On AC Power): 20 min
Turn Off Monitor after: (On Battery Power): 20 min
Turn Off Hard Disk after: (On AC Power): 20 min
Turn Off Hard Disk after: (On Battery Power): 20 min
Suspend after: (On AC Power): Never
Suspend after: (On Battery Power): 60 min
Screen saver: Enabled
Uptime
Current Session
Current Time: 19/03/2014 19:12:34
Current Uptime: 1,003 sec (0 d, 00 h, 16 m, 43 s)
Last Boot Time: 19/03/2014 18:55:51
Services
Running: Agere Modem Call Progress Audio
Running: Andrea ADI Filters Service
Running: Application Experience
Running: avast! Antivirus
Running: Base Filtering Engine
Running: CNG Key Isolation
Running: COM+ Event System
Running: Cryptographic Services
Running: DCOM Server Process Launcher
Running: Desktop Window Manager Session Manager
Running: DHCP Client
Running: Diagnostic Policy Service
Running: Diagnostic System Host
Running: Distributed Link Tracking Client
Running: DNS Client
Running: Extensible Authentication Protocol
Running: Function Discovery Resource Publication
Running: Group Policy Client
Running: HP CUE DeviceDiscovery Service
Running: hpqcxs08
Running: IKE and AuthIP IPsec Keying Modules
Running: IP Helper
Running: IPsec Policy Agent
Running: KtmRm for Distributed Transaction Coordinator
Running: LightScribeService Direct Disc Labeling Service
Running: Multimedia Class Scheduler
Running: Net Driver HPZ12
Running: Network Connections
Running: Network List Service
Running: Network Location Awareness
Running: Network Store Interface Service
Running: Peer Name Resolution Protocol
Running: Peer Networking Identity Manager
Running: Plug and Play
Running: Pml Driver HPZ12
Running: Portable Device Enumerator Service
Running: Print Spooler
Running: Program Compatibility Assistant Service
Running: ReadyBoost
Running: Remote Access Connection Manager
Running: Remote Procedure Call (RPC)
Running: Secondary Logon
Running: Secure Socket Tunneling Protocol Service
Running: Security Accounts Manager
Running: Security Center
Running: Server
Running: Shell Hardware Detection
Running: Software Licensing
Running: SSDP Discovery
Running: Superfetch
Running: System Event Notification Service
Running: Tablet PC Input Service
Running: Task Scheduler
Running: TCP/IP NetBIOS Helper
Running: Telephony
Running: Terminal Services
Running: Themes
Running: UPnP Device Host
Running: User Profile Service
Running: WebClient
Running: Windows Audio
Running: Windows Audio Endpoint Builder
Running: Windows Driver Foundation - User-mode Driver Framework
Running: Windows Error Reporting Service
Running: Windows Event Log
Running: Windows Firewall
Running: Windows Font Cache Service
Running: Windows Image Acquisition (WIA)
Running: Windows Management Instrumentation
Running: Windows Media Player Network Sharing Service
Running: Windows Modules Installer
Running: Windows Search
Running: Windows Time
Running: Windows Update
Running: WinHTTP Web Proxy Auto-Discovery Service
Running: WLAN AutoConfig
Running: Workstation
Stopped: Adobe Acrobat Update Service
Stopped: Adobe Flash Player Update Service
Stopped: Application Information
Stopped: Application Layer Gateway Service
Stopped: ASP.NET State Service
Stopped: Background Intelligent Transfer Service
Stopped: Certificate Propagation
Stopped: COM+ System Application
Stopped: Computer Browser
Stopped: DFS Replication
Stopped: Diagnostic Service Host
Stopped: Distributed Transaction Coordinator
Stopped: Function Discovery Provider Host
Stopped: Google Software Updater
Stopped: GoToAssist
Stopped: Health Key and Certificate Management
Stopped: HP Health Check Service
Stopped: HP ProtectTools Device Locking / Auditing
Stopped: hpqwmiex
Stopped: Human Interface Device Access
Stopped: InstallDriver Table Manager
Stopped: Intel Matrix Storage Event Monitor
Stopped: Interactive Services Detection
Stopped: Internet Connection Sharing (ICS)
Stopped: IviRegMgr
Stopped: Link-Layer Topology Discovery Mapper
Stopped: Microsoft .NET Framework NGEN v2.0.50727_X86
Stopped: Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped: Microsoft iSCSI Initiator Service
Stopped: Microsoft Office Diagnostics Service
Stopped: Microsoft Software Shadow Copy Provider
Stopped: Net.Tcp Port Sharing Service
Stopped: Netlogon
Stopped: Network Access Protection Agent
Stopped: Office Source Engine
Stopped: Parental Controls
Stopped: Peer Networking Grouping
Stopped: Performance Logs & Alerts
Stopped: PnP-X IP Bus Enumerator
Stopped: PNRP Machine Name Publication Service
Stopped: Problem Reports and Solutions Control Panel Support
Stopped: Protected Storage
Stopped: Quality Windows Audio Video Experience
Stopped: Remote Access Auto Connection Manager
Stopped: Remote Procedure Call (RPC) Locator
Stopped: Remote Registry
Stopped: Routing and Remote Access
Stopped: RoxMediaDB10
Stopped: SL UI Notification Service
Stopped: Smart Card
Stopped: Smart Card Removal Policy
Stopped: SNMP Trap
Stopped: stllssvr
Stopped: Terminal Services Configuration
Stopped: Thread Ordering Server
Stopped: TPM Base Services
Stopped: Virtual Disk
Stopped: Volume Shadow Copy
Stopped: Windows Backup
Stopped: Windows CardSpace
Stopped: Windows Color System
Stopped: Windows Connect Now - Config Registrar
Stopped: Windows Defender
Stopped: Windows Event Collector
Stopped: Windows Installer
Stopped: Windows Presentation Foundation Font Cache 3.0.0.0
Stopped: Windows Presentation Foundation Font Cache 4.0.0.0
Stopped: Windows Remote Management (WS-Management)
Stopped: Wired AutoConfig
Stopped: WMI Performance Adapter
TimeZone: GMT
Language: English (United Kingdom)
Location: United Kingdom
Format: English (United Kingdom)
Scheduler
19/03/2014 19:55: Adobe Flash Player Updater
25/03/2014 02:12: HP Health Check
CreateChoiceProcessTask
IHUninstallTrackingTASK