Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Laptop shuts down [Solved]


  • This topic is locked This topic is locked

#1
Wheelyjohn

Wheelyjohn

    Member

  • Member
  • PipPip
  • 49 posts
I am looking at a laptop for a friend. It has been running without virus protection and now shuts down soon after booting, or sometimes just before fully booted. It runs fine in safe mode. I have removed ALOT toolbar, Virus:BAT/Ballicus.A and hundreds of tracking cookies. I have installed mse.
I have hoovered out heatsinks and run system and memory diagnostics, but is still shuts down in normal mode, though now it often runs for longer, but never in safe mode.
When it shuts down it does it rapidly, no minidump logs left and nothing in the event viewer.
I would be most grateful for some help and have pasted an OTL log below.
Thanks Wheelyjohn.

OTL logfile created on: 05/06/2013 21:28:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

764.46 Mb Total Physical Memory | 376.88 Mb Available Physical Memory | 49.30% Memory free
1.75 Gb Paging File | 1.50 Gb Available in Paging File | 85.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.52 Gb Total Space | 32.62 Gb Free Space | 44.99% Space Free | Partition Type: NTFS

Computer Name: ADRIAN | User Name: Terry | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/28 16:03:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/05/29 13:48:48 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DBBD586D-8078-42B9-8D4B-AA3D528202A5}\MpKsl80aa07ec.sys -- (MpKsl80aa07ec)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DBBD586D-8078-42B9-8D4B-AA3D528202A5}\MpKsl24472c1a.sys -- (MpKsl24472c1a)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Terry\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/09/09 04:15:26 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2008/05/07 10:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/08/14 12:30:02 | 000,456,568 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007/07/30 02:00:56 | 000,014,168 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/01/24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = bt.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)


[2008/09/13 12:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\mozilla\Firefox\Profiles\mzhrpoqp.default\extensions
[2008/09/30 19:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/13 12:33:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/28 22:19:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D952C79-88F1-402A-B7B5-C753EB761C6E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FE0CE77-B51E-4F65-BAAC-D36874F7A3E9}: DhcpNameServer = 192.168.22.22 192.168.22.23
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/05 21:27:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
[2013/06/02 18:43:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/02 18:43:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/02 18:43:36 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\temp
[2013/05/28 22:08:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/28 22:08:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/28 22:08:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/28 22:08:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/28 19:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/28 19:06:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/28 18:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/28 17:29:59 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/23 21:34:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/22 21:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/05/22 20:06:03 | 000,000,000 | ---D | C] -- C:\a9d77b857342b5d45b1d
[2013/05/22 19:53:12 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\Apps
[2013/05/22 19:53:11 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\Deployment
[2013/05/21 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Malwarebytes
[2013/05/21 22:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/21 22:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/05 21:14:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/03 18:03:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/03 18:03:03 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 17:45:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/03 17:15:09 | 000,613,890 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/03 17:15:09 | 000,113,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/03 17:12:37 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 17:12:37 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 14:06:32 | 000,632,031 | ---- | M] () -- C:\Users\Terry\Desktop\adwcleaner.exe
[2013/06/02 18:37:59 | 000,001,356 | ---- | M] () -- C:\Users\Terry\AppData\Local\d3d9caps.dat
[2013/06/02 18:27:38 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/02 13:12:16 | 000,370,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/28 22:19:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/28 19:06:35 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/28 18:02:11 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/28 16:03:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/03 17:04:03 | 000,632,031 | ---- | C] () -- C:\Users\Terry\Desktop\adwcleaner.exe
[2013/05/29 13:56:39 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/28 22:08:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/28 22:08:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/28 22:08:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/28 22:08:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/28 22:08:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/28 19:06:35 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/28 18:02:11 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/28 17:58:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/28 17:58:06 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/30 21:52:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/10/30 21:28:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/10/30 21:28:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/10/30 21:27:44 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/04/05 13:24:32 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/04/05 13:24:32 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/04/05 13:22:22 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012/04/05 13:10:55 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08a.dat
[2012/04/05 12:39:30 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/07/01 23:06:20 | 000,001,356 | ---- | C] () -- C:\Users\Terry\AppData\Local\d3d9caps.dat
[2008/03/16 01:43:38 | 000,012,288 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/07/16 20:46:28 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/10 09:02:28 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\PCCUStubInstaller
[2012/05/17 22:17:37 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\ScanSoft
[2010/12/15 12:27:09 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\URSoft
[2012/05/17 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3E7393FC

< End of report >
  • 0

Advertisements


#2
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that will have a copy in case you loose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and in perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

With that all stated, let's get started! :)

Sorry for the delay, at times things get busy and some topics are missed, but we greatly appreciate your patience.

If you still have them, can you please post the log from ComboFix and AdwCleaner, also since it has been a while since the initial OTL Scan can you please follow these steps and run a custom scan and post back the OTL and the Extras.txt.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#3
Wheelyjohn

Wheelyjohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Thanks very much for coming back to me. The OTL logs are below, and the other files you wanted are attached.
Wheelyjohn

OTL logfile created on: 08/06/2013 19:04:09 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

764.46 Mb Total Physical Memory | 403.58 Mb Available Physical Memory | 52.79% Memory free
1.75 Gb Paging File | 1.51 Gb Available in Paging File | 86.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.52 Gb Total Space | 32.31 Gb Free Space | 44.56% Space Free | Partition Type: NTFS

Computer Name: ADRIAN | User Name: Terry | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/28 16:03:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/05/29 13:48:48 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Terry\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/06/08 13:06:08 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3D7FB62-7CAE-4FA8-BA3D-A29A08F070F9}\MpKsl9f796efa.sys -- (MpKsl9f796efa)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/09/09 04:15:26 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2008/05/07 10:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/08/14 12:30:02 | 000,456,568 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007/07/30 02:00:56 | 000,014,168 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/01/24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3793639970-1945759740-1854278831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = bt.yahoo.com
IE - HKU\S-1-5-21-3793639970-1945759740-1854278831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3793639970-1945759740-1854278831-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3793639970-1945759740-1854278831-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3793639970-1945759740-1854278831-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3793639970-1945759740-1854278831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3793639970-1945759740-1854278831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)


[2008/09/13 12:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\mozilla\Firefox\Profiles\mzhrpoqp.default\extensions
[2008/09/30 19:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/13 12:33:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/28 22:19:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3793639970-1945759740-1854278831-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3793639970-1945759740-1854278831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D952C79-88F1-402A-B7B5-C753EB761C6E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FE0CE77-B51E-4F65-BAAC-D36874F7A3E9}: DhcpNameServer = 192.168.22.22 192.168.22.23
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/06/05 21:27:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
[2013/06/02 18:43:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/02 18:43:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/02 18:43:36 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\temp
[2013/05/29 13:47:10 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013/05/29 11:41:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/29 11:27:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/29 11:27:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/29 11:27:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/29 11:27:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/29 11:27:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/29 11:27:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/29 11:27:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/28 22:08:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/28 22:08:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/28 22:08:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/28 22:08:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/28 19:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/28 19:06:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/28 18:15:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/28 18:14:53 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/28 18:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/28 17:29:59 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/23 21:34:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/22 21:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/05/22 20:06:03 | 000,000,000 | ---D | C] -- C:\a9d77b857342b5d45b1d
[2013/05/22 19:53:12 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\Apps
[2013/05/22 19:53:11 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\Deployment
[2013/05/21 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Malwarebytes
[2013/05/21 22:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/21 22:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/08 18:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/08 13:09:53 | 000,613,890 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/08 13:09:53 | 000,113,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/08 13:08:11 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/08 13:06:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 13:06:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 13:03:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/08 12:57:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/05 22:42:39 | 000,001,977 | ---- | M] () -- C:\Users\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/05 22:10:23 | 000,001,356 | ---- | M] () -- C:\Users\Terry\AppData\Local\d3d9caps.dat
[2013/06/03 14:06:32 | 000,632,031 | ---- | M] () -- C:\Users\Terry\Desktop\adwcleaner.exe
[2013/06/02 18:27:38 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/02 13:12:16 | 000,370,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/29 13:48:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/29 13:48:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/28 22:19:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/28 19:06:35 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/28 18:02:11 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/28 16:03:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Desktop\OTL.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/05 22:42:39 | 000,001,977 | ---- | C] () -- C:\Users\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/03 17:04:03 | 000,632,031 | ---- | C] () -- C:\Users\Terry\Desktop\adwcleaner.exe
[2013/05/29 13:56:39 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/28 22:08:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/28 22:08:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/28 22:08:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/28 22:08:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/28 22:08:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/28 19:06:35 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/28 18:02:11 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/28 17:58:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/28 17:58:06 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/30 21:52:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/10/30 21:28:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/10/30 21:28:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/10/30 21:27:44 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/04/05 13:24:32 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/04/05 13:24:32 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/04/05 13:22:22 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012/04/05 13:10:55 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08a.dat
[2012/04/05 12:39:30 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/07/01 23:06:20 | 000,001,356 | ---- | C] () -- C:\Users\Terry\AppData\Local\d3d9caps.dat
[2008/03/16 01:43:38 | 000,012,288 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 10:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 08:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 08:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 07:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 07:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 08:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 01:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 07:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 16:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 08:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 07:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 08:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 07:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 07:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 08:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 08:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 08:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 08:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 08:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 07:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 07:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 08:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 07:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 08:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 07:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 17:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 07:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 19:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 07:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 07:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 07:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 08:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 07:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 07:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 07:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 07:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 07:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 07:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 20:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 12:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/07/12 19:00:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/07/12 19:00:38 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CNF >
[2008/05/20 22:33:10 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Terry\Documents\My Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2008/01/19 08:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 10:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 13:40:57 | 000,017,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 13:40:57 | 000,017,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2012/10/29 23:59:11 | 000,001,644 | ---- | M] () MD5=1B360CE904F6B3C38CAA7037D4E9D935 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/10/29 23:59:11 | 000,001,644 | ---- | M] () MD5=1B360CE904F6B3C38CAA7037D4E9D935 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 13:41:32 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 13:41:32 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is System
Volume Serial Number is 5C68-5913
Directory of C:\
02/11/2006 14:02 <JUNCTION> Documents and Settings [c:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 14:02 <JUNCTION> Application Data [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [c:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [c:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [c:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 14:02 <SYMLINKD> All Users [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Default User [c:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 14:02 <JUNCTION> Application Data [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [c:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [c:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [c:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 14:02 <JUNCTION> Application Data [c:\Users\Default\AppData\Roaming]
02/11/2006 14:02 <JUNCTION> Local Settings [c:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> My Documents [c:\Users\Default\Documents]
02/11/2006 14:02 <JUNCTION> NetHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 14:02 <JUNCTION> PrintHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 14:02 <JUNCTION> Recent [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 14:02 <JUNCTION> SendTo [c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 14:02 <JUNCTION> Application Data [c:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> History [c:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 14:02 <JUNCTION> Temporary Internet Files [c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 14:02 <JUNCTION> My Music [c:\Users\Default\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [c:\Users\Default\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [c:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 14:02 <JUNCTION> My Music [c:\Users\Public\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [c:\Users\Public\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [c:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Terry
04/03/2008 23:01 <JUNCTION> Application Data [C:\Users\Terry\AppData\Roaming]
04/03/2008 23:01 <JUNCTION> Cookies [C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Cookies]
04/03/2008 23:01 <JUNCTION> Local Settings [C:\Users\Terry\AppData\Local]
04/03/2008 23:01 <JUNCTION> My Documents [C:\Users\Terry\Documents]
04/03/2008 23:01 <JUNCTION> NetHood [C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/03/2008 23:01 <JUNCTION> PrintHood [C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/03/2008 23:01 <JUNCTION> Recent [C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Recent]
04/03/2008 23:01 <JUNCTION> SendTo [C:\Users\Terry\AppData\Roaming\Microsoft\Windows\SendTo]
04/03/2008 23:01 <JUNCTION> Start Menu [C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu]
04/03/2008 23:01 <JUNCTION> Templates [C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Terry\AppData\Local
04/03/2008 23:01 <JUNCTION> Application Data [C:\Users\Terry\AppData\Local]
04/03/2008 23:01 <JUNCTION> History [C:\Users\Terry\AppData\Local\Microsoft\Windows\History]
04/03/2008 23:01 <JUNCTION> Temporary Internet Files [C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Terry\Documents
04/03/2008 23:01 <JUNCTION> My Music [C:\Users\Terry\Music]
04/03/2008 23:01 <JUNCTION> My Pictures [C:\Users\Terry\Pictures]
04/03/2008 23:01 <JUNCTION> My Videos [C:\Users\Terry\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 34,672,533,504 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3E7393FC

< End of report >


OTL Extras logfile created on: 08/06/2013 19:04:09 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

764.46 Mb Total Physical Memory | 403.58 Mb Available Physical Memory | 52.79% Memory free
1.75 Gb Paging File | 1.51 Gb Available in Paging File | 86.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.52 Gb Total Space | 32.31 Gb Free Space | 44.56% Space Free | Partition Type: NTFS

Computer Name: ADRIAN | User Name: Terry | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3793639970-1945759740-1854278831-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C615386-3AB8-4D69-96D3-EC085EB5CBC4}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26B9EA75-C10C-4716-AF95-329A6D1E4AD6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F5FCB66-2F08-4F60-BF01-EC0FDFF7ECEA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{3815D7A2-C68F-4831-A58D-7A00892A157E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3F956DD0-B903-4755-A1C1-25002E59DA36}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{69EEA5E7-7746-44C5-BB3A-C0847531BAF2}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{6EEE8678-48F5-484D-BECB-61BBCD70B4FC}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{72B4D676-43A9-4B53-B9FF-1351C59F1510}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{764FE2DA-32EA-473F-9999-EF45EDA74FE2}" = protocol=6 | dir=in | app=f:\release\tiscali.exe |
"{87E2836D-1046-4854-9347-9BE5F4E82E50}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{94BE3027-88FB-45EC-BF05-78E0A1B52045}" = protocol=17 | dir=in | app=f:\release\tiscali.exe |
"{ADEF5976-B234-471C-B362-B07B1661C5FE}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{B3FB26A7-3E31-4DE9-9460-D540E9E4A9A2}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{B9C7CA8C-7FF0-4F65-BC1A-884AB1DDB39B}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{C1B3BC64-CC70-42D3-BC74-CE8E55E4727D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{D0FC87EB-45FF-4342-89A3-9ED5A44A40D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F0CCD142-808E-4EBC-B356-2F5802D5C8E5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{F4B0101A-7E11-47A8-890B-8275C0CFEA18}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{FD0D644F-5BC3-4673-9881-D5A2437D5761}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003CD4FD-DB3E-4D12-9A34-8C00FA8A680F}" = WirelessControl
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FA282D-7E7A-4707-A8A3-031FC7D6F8CB}" = Brother MFL-Pro Suite DCP-6690CW
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DB457913-028D-460E-BB4C-D9A6369752CA}" = TouchPad HotKey Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SiS VGA Utilities" = SiS VGA Utilities
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Yahoo! Companion" = BT Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YU2010_is1" = Your Uninstaller! 2010

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/05/2013 17:18:17 | Computer Name = Adrian | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8923

Error - 03/05/2013 17:18:18 | Computer Name = Adrian | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/05/2013 17:18:18 | Computer Name = Adrian | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10047

Error - 03/05/2013 17:18:18 | Computer Name = Adrian | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10047

Error - 03/05/2013 17:18:19 | Computer Name = Adrian | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/05/2013 17:18:19 | Computer Name = Adrian | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11092

Error - 03/05/2013 17:18:19 | Computer Name = Adrian | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11092

Error - 03/05/2013 17:18:21 | Computer Name = Adrian | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/05/2013 17:18:21 | Computer Name = Adrian | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12277

Error - 03/05/2013 17:18:21 | Computer Name = Adrian | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12277

[ System Events ]
Error - 08/06/2013 07:59:08 | Computer Name = Adrian | Source = Service Control Manager | ID = 7000
Description =

Error - 08/06/2013 08:07:07 | Computer Name = Adrian | Source = Service Control Manager | ID = 7000
Description =

Error - 08/06/2013 13:55:01 | Computer Name = Adrian | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:25:20 on 08/06/2013 was unexpected.

Error - 08/06/2013 13:55:31 | Computer Name = Adrian | Source = DCOM | ID = 10005
Description =

Error - 08/06/2013 13:55:37 | Computer Name = Adrian | Source = DCOM | ID = 10005
Description =

Error - 08/06/2013 13:55:41 | Computer Name = Adrian | Source = DCOM | ID = 10005
Description =

Error - 08/06/2013 13:56:23 | Computer Name = Adrian | Source = Service Control Manager | ID = 7001
Description =

Error - 08/06/2013 13:56:23 | Computer Name = Adrian | Source = Service Control Manager | ID = 7026
Description =

Error - 08/06/2013 14:07:24 | Computer Name = Adrian | Source = DCOM | ID = 10005
Description =

Error - 08/06/2013 14:07:24 | Computer Name = Adrian | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.151.1686.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode


< End of report >

Attached Files


  • 0

#4
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Let's get a look and see if we can find more information on what might be causing the crashes.

Step 1 - aswMBR Scan

  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes
    Posted Image
  • Click the "Scan" button to start scan

    Posted Image
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 2 - Enable boot logging

  • When you boot, press F8 to get into the boot menu.
  • There select "enable boot logging", select normal, and try to boot your PC normally.
  • After it boots up then locate the file ntblog.txt in the windows directory and post it in your next reply.
If it crashes in normal mode, you can located the log in safe mode and then post it.

Step 3 - MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. aswMBR Scan Log
2. Boot Log (ntblog.txt)
3. MiniToolBox Log (Result.txt)
  • 0

#5
Wheelyjohn

Wheelyjohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Thanks for your help, the various logs are attached.
Just a few notes:

I am mainly running the machine in safe mode with networking to avoid crashes
Since I have had this machine several spam emails have been received by people in the address book, so I keep it offline as much as possible.
After booting up with bootlog enabled, I ran mini toolbox which caused an immediate crash, so back to safe mode with networking to run the mini toolbox.

Attached Files


  • 0

#6
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Microsoft Antimalware is causing some of the errors I am seeing, so for the time being please uninstall it.

Next:

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each
    sfc /scannow

    Wait for this to finish before you continue

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
  • This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

  • 0

#7
Wheelyjohn

Wheelyjohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I had a problem sending cbs.txt as it is over 30 MB in size.
I have attached just the part with the current date. Let me know if you need more and I will have another go.
Thanks Wheelyjohn

Attached Files

  • Attached File  CBS1.txt   384.65KB   25 downloads

  • 0

#8
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Sometimes these files are too big to upload or copy/paste into the forum. So that I can get a look at the entire file, unless you already have a dropbox account, you can upload the file to file hosting site such as File Dropper or sendspace and then send me the link so that I can download the file.

Thanks,

Jasmyne
  • 0

#9
Wheelyjohn

Wheelyjohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
File uploaded to Filedropper http://www.filedropper.com/cbs
It seems a very short link, so I hope it works
Wheelyjohn

Edited by Wheelyjohn, 10 June 2013 - 09:12 AM.

  • 0

#10
Wheelyjohn

Wheelyjohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
.

Edited by Wheelyjohn, 10 June 2013 - 09:14 AM.

  • 0

Advertisements


#11
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Let's check for driver conflicts.

  • Start MSConfig

    Click Start, type msconfig in the Start Search box, and then press ENTER.
    If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.
  • Configure Selective Startup options

  • 1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.

    Posted Image
  • Click to clear the Load Startup Items check box.
    Note The Use Original Boot.ini check box is unavailable.
  • Click the Services tab.

    Posted Image
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, and then click OK.
  • When you are prompted, click Restart.

Can you now boot to normal windows ?
  • 0

#12
Wheelyjohn

Wheelyjohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
It ran ok for a few minutes but then got slower and slower. The task manager showed that the process 'Windows Modules Installer' wast taking 70%-90% of CPU time and the system then shut down.
  • 0

#13
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
The Windows Module Installer pertains to Windows update, so let's try cleaning the Windows Update cache to see if that will keep it from hanging.

  • Click Start, click All Programs, click Accessories, right-click Command Prompt, and select Run as Administrator.
  • Click Continue or provide Administrator credentials as needed.
  • In the Command Prompt window, type the following and press Enter after each line:

    net stop wuauserv
    
    ren %windir%\SoftwareDistribution SoftwareDistribution.OLD
    
    net start wuauserv
    
    exit

Now try restarting your computer and see if it will boot normally.
  • 0

#14
Wheelyjohn

Wheelyjohn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
OK I did that and everything seemed to work successfully. RE-booted and went to download a new copy of mse and the machine died again. I had clicked on Chrome and I don't think that it had opened, but it happens very suddenly.
Wheelyjohn
  • 0

#15
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Since MSE might have been part of the problem in the beginning, please wait before reinstalling it. Now, let's see if we can see what's caused the crash.

Download WhoCrashed. This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.

  • Put a tick in Accept then click on Next.
  • Place a checkmark in Don't create a start menu folder then click Next.
  • Place a checkmark in Create a Desktop Icon.
  • then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish.
  • Click Analyze
  • It will want to download the Debugger and install it Say Yes
  • WhoCrashed will create report but you have to scroll down to see it.
  • Copy and paste it into your next reply.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP