Old and Slow



#1
moviewatcher

Hi there!

This is an old computer that we have and rarely use. Why? Because often times along the top of the screen it says (Not Responding) and the mouse arrow spins around in circles and I have to wait an eternity. In the past, I did a few System Recoveries thinking that would put everything back to factory settings and speed up the computer, but it is still slow.

A friend spoke highly of your website, so I thought I'd try and ask for your help. Can someone please take a look?

Thank you very much.

OTL logfile created on: 7/18/2013 4:17:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Connor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.77 Mb Total Physical Memory | 312.06 Mb Available Physical Memory | 30.78% Memory free
2.24 Gb Paging File | 1.21 Gb Available in Paging File | 54.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.89 Gb Total Space | 173.43 Gb Free Space | 76.78% Space Free | Partition Type: NTFS
Drive D: | 6.99 Gb Total Space | 0.88 Gb Free Space | 12.59% Space Free | Partition Type: NTFS

Computer Name: CONNOR-PC | User Name: Connor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 16:15:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Connor\Desktop\OTL.exe
PRC - [2013/07/18 12:26:22 | 001,123,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.155.29.0.exe
PRC - [2013/05/02 08:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/07/10 11:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
PRC - [2009/07/10 11:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
PRC - [2009/07/01 10:13:31 | 000,602,792 | ---- | M] ( ) -- C:\WINDOWS\System32\dleacoms.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/18 07:46:00 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2006/11/20 04:34:52 | 000,155,648 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/29 13:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/28 06:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/09/03 11:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/05/17 00:15:10 | 000,071,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe


========== Modules (No Company Name) ==========

MOD - [2009/07/10 11:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
MOD - [2009/07/10 11:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
MOD - [2009/06/22 10:08:44 | 000,196,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epoemdll.dll
MOD - [2009/06/22 10:08:43 | 000,045,056 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epstring.dll
MOD - [2009/06/22 10:08:41 | 002,203,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizres.dll
MOD - [2009/06/22 10:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizard.dll
MOD - [2009/06/22 10:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\customui.dll
MOD - [2009/06/22 10:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epfunct.dll
MOD - [2009/06/22 10:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\eputil.dll
MOD - [2009/06/22 10:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\imagutil.dll
MOD - [2009/05/29 11:09:48 | 001,159,168 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleadrs.dll
MOD - [2009/05/29 11:08:53 | 000,389,120 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleascw.dll
MOD - [2009/05/27 09:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\System32\spool\drivers\w32x86\3\dleadatr.dll
MOD - [2009/05/26 17:17:13 | 000,086,118 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009/04/07 16:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\iptk.dll
MOD - [2009/03/10 02:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacaps.dll
MOD - [2009/03/05 14:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009/03/02 11:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleaptp.dll
MOD - [2006/11/28 13:17:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
MOD - [2006/11/28 13:12:28 | 000,077,824 | ---- | M] () -- C:\WINDOWS\System32\hccutils.dll


========== Services (SafeList) ==========

SRV - [2013/06/26 13:28:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/07/01 10:13:31 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dleacoms.exe -- (dlea_device)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/09/11 17:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/09/11 17:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/09/11 16:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/09/11 16:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/09/03 11:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 00:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/05/10 10:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{375E7B58-CF28-444E-806B-35F85C25318F}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{92A7A0A2-B600-4B41-9DD6-666F08D892DE}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKLM\..\SearchScopes\{944DA826-F6EF-410D-9CC3-844C598DBEAF}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {375E7B58-CF28-444E-806B-35F85C25318F}
IE - HKCU\..\SearchScopes\{375E7B58-CF28-444E-806B-35F85C25318F}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7AURU_enUS500
IE - HKCU\..\SearchScopes\{92A7A0A2-B600-4B41-9DD6-666F08D892DE}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKCU\..\SearchScopes\{944DA826-F6EF-410D-9CC3-844C598DBEAF}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...ct=sb&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EADBAC64-E116-44EA-B078-8E5721F1B929}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Connor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Connor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/18 16:15:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Connor\Desktop\OTL.exe
[2013/07/18 16:14:57 | 000,000,000 | ---D | C] -- C:\Users\Connor\AppData\Roaming\AdobeUM
[2013/06/27 03:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2013/06/26 15:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

========== Files - Modified Within 30 Days ==========

[2013/07/18 16:15:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Connor\Desktop\OTL.exe
[2013/07/18 16:03:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/18 15:57:52 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 15:57:52 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 15:57:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/18 15:57:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/18 15:57:21 | 1063,743,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 15:54:54 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/13 04:12:02 | 000,423,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/12 18:54:45 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/06 13:46:53 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/06 13:46:53 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/26 15:24:14 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2013/06/26 15:24:14 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/06/26 15:15:25 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/16 23:05:24 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dleavs.dll
[2013/01/16 23:05:21 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\dleacoin.dll
[2013/01/16 23:05:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dleagcfg.dll
[2013/01/16 23:05:13 | 000,294,912 | ---- | C] () -- C:\Windows\System32\dleacui.dll
[2013/01/16 23:05:13 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dleacuir.dll
[2013/01/16 23:03:43 | 000,372,736 | ---- | C] () -- C:\Windows\System32\DLEAwupd.dll
[2013/01/16 23:03:43 | 000,213,672 | ---- | C] () -- C:\Windows\System32\DLEAwupd.exe
[2013/01/16 23:03:01 | 001,056,768 | ---- | C] ( ) -- C:\Windows\System32\dleaserv.dll
[2013/01/16 23:03:01 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dleausb1.dll
[2013/01/16 23:03:01 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\dleacomc.dll
[2013/01/16 23:03:01 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\dleahbn3.dll
[2013/01/16 23:03:01 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\dleapmui.dll
[2013/01/16 23:03:01 | 000,602,792 | ---- | C] ( ) -- C:\Windows\System32\dleacoms.exe
[2013/01/16 23:03:01 | 000,581,632 | ---- | C] ( ) -- C:\Windows\System32\dlealmpm.dll
[2013/01/16 23:03:01 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\DLEAhcp.dll
[2013/01/16 23:03:01 | 000,385,024 | ---- | C] () -- C:\Windows\System32\DLEAinst.dll
[2013/01/16 23:03:01 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dleacomm.dll
[2013/01/16 23:03:01 | 000,369,320 | ---- | C] ( ) -- C:\Windows\System32\dleacfg.exe
[2013/01/16 23:03:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dleainpa.dll
[2013/01/16 23:03:01 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\dleaiesc.dll
[2013/01/16 23:03:01 | 000,328,360 | ---- | C] ( ) -- C:\Windows\System32\dleaih.exe
[2013/01/16 23:03:01 | 000,323,584 | ---- | C] () -- C:\Windows\System32\dleains.dll
[2013/01/16 23:03:01 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dleainsb.dll
[2013/01/16 23:03:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\dleacu.dll
[2013/01/16 23:03:01 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dleagrd.dll
[2013/01/16 23:03:01 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dleainsr.dll
[2013/01/16 23:03:01 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dleacub.dll
[2013/01/16 23:03:01 | 000,086,118 | ---- | C] () -- C:\Windows\System32\DLEAcfg.dll
[2013/01/16 23:03:01 | 000,057,344 | ---- | C] () -- C:\Windows\System32\dleajswr.dll
[2013/01/16 23:03:01 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dleacur.dll
[2013/01/16 23:02:52 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEAsm.dll
[2013/01/16 23:02:52 | 000,028,672 | ---- | C] () -- C:\Windows\System32\DLEAsmr.dll
[2013/01/15 01:15:11 | 000,306,688 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2013/01/15 01:15:11 | 000,302,592 | ---- | C] () -- C:\Windows\System32\pgp.dll
[2013/01/15 01:15:11 | 000,095,232 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2013/01/15 01:15:11 | 000,093,184 | ---- | C] () -- C:\Windows\System32\keydb.dll
[2013/01/15 01:15:11 | 000,070,656 | ---- | C] () -- C:\Windows\System32\simple.dll
[2013/01/15 01:15:11 | 000,065,024 | ---- | C] () -- C:\Windows\System32\bn.dll
[2012/10/14 14:07:44 | 000,000,056 | ---- | C] () -- C:\Users\Connor\AppData\Roaming\mbam.context.scan
[2012/10/13 13:01:19 | 000,000,058 | ---- | C] () -- C:\Windows\winhelp.ini
[2012/07/23 00:12:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/07/23 00:12:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/07/23 00:12:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/07/21 23:10:26 | 000,003,584 | ---- | C] () -- C:\Users\Connor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/06 10:49:12 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\DVD-Cloner

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 7/18/2013 4:17:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Connor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.77 Mb Total Physical Memory | 312.06 Mb Available Physical Memory | 30.78% Memory free
2.24 Gb Paging File | 1.21 Gb Available in Paging File | 54.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.89 Gb Total Space | 173.43 Gb Free Space | 76.78% Space Free | Partition Type: NTFS
Drive D: | 6.99 Gb Total Space | 0.88 Gb Free Space | 12.59% Space Free | Partition Type: NTFS

Computer Name: CONNOR-PC | User Name: Connor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6E4D0C23-430D-45F1-BCBA-D322838F7369}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{F594E679-9FC2-44FB-962A-B42E83003335}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DEA008-7F92-4021-9A06-1917DE797F76}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{074A457C-1200-4CDD-874B-7B85F4A59950}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{281905C7-4AC4-4727-9E8D-D07D464FF30B}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{291DC6DC-5A3E-42DB-B5C8-4A1487B9D56B}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{2AEBD369-2EEF-4550-A254-C39870C9E81C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2F1A2DD5-8B95-455C-A927-12CF29D89823}" = protocol=17 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{3B9F5352-3A7E-4803-8FF2-363C5C3F9F41}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4DF4288F-38E6-43D3-944C-10D0EB0EA33E}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{6D29314F-A921-4210-A3D9-0ED1C8A80F07}" = protocol=17 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{6ECA1E88-D3F6-4E85-846D-7B9D7EB9589C}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{70BDEA2B-3AB3-47B9-9FC4-D4D330A72290}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{75048A0B-81A3-415B-91A3-D4C80797EBDF}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{77A5B4A4-5E73-489A-9865-883F6FBE1781}" = dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections |
"{7CF0EE16-BB67-4521-8CDC-91543AD661E2}" = protocol=17 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
"{8EE82889-91EE-4FAE-A695-B2F3086FC876}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AFCA4DA7-57E7-42F3-A1FD-2D041C0BA28A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C572147A-5F66-4839-8F3E-579E9B95B9E6}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{D170B0DE-369F-4402-9916-EDB215840397}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{DE534360-57C0-4481-AA8B-641B875F1C37}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E0406978-7273-43D0-99B0-32732DFD37BC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E81DABA8-088B-4C31-B06C-845B656933F1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{E94EA859-7BD7-4554-9CE2-90FF9A9D5F5C}" = dir=in | app=c:\windows\system32\dleacoms.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}" = HP Total Care Advisor
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"CreataCard Gold 3" = CreataCard Gold 3
"Dell V310-V510 Series" = Dell V310-V510 Series
"DVD-CLONER IV_is1" = DVD-CLONER V4.70 Build 926
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HPOOVClient-3572475 Uninstaller" = Compaq Connections (remove only)
"Intel® Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Masque Casino Games II" = Masque Casino Games II
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"WildTangent hpdesktop Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/3/2012 6:13:05 AM | Computer Name = Connor-PC | Source = WerSvc | ID = 5007
Description =

Error - 7/4/2012 1:20:45 AM | Computer Name = Connor-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18928, time stamp
0x4bdfa327, faulting module AcroPDF.dll, version 7.0.8.0, time stamp 0x446aa70a,
exception code 0xc0000005, fault offset 0x0002fdb3, process id 0x14a4, application
start time 0x01cd59a45e828d61.

Error - 7/4/2012 1:20:49 AM | Computer Name = Connor-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18928 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c68 Start Time: 01cd599d204829f9 Termination Time: 0

Error - 10/14/2012 4:40:44 PM | Computer Name = Connor-PC | Source = Application Error | ID = 1000
Description = Faulting application mjcd15b2.exe, version 0.0.0.0, time stamp 0x38a20d0e,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception
code 0xc0000005, fault offset 0x00047ae2, process id 0xe38, application start time
0x01cdaa4c1d12cc20.

Error - 1/15/2013 4:43:40 AM | Computer Name = Connor-PC | Source = EventSystem | ID = 4609
Description =

Error - 1/28/2013 5:12:44 PM | Computer Name = Connor-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc,
exception code 0xc0000374, fault offset 0x000b0dbc, process id 0x78c, application
start time 0x01cdfc5f6dfb6615.

Error - 1/28/2013 8:32:13 PM | Computer Name = Connor-PC | Source = ESENT | ID = 215
Description = WinMail (1320) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

[ System Events ]
Error - 6/27/2013 5:39:10 AM | Computer Name = Connor-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 6/27/2013 5:39:17 AM | Computer Name = Connor-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 6/27/2013 5:39:23 AM | Computer Name = Connor-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 6/27/2013 5:39:30 AM | Computer Name = Connor-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 6/27/2013 5:39:36 AM | Computer Name = Connor-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 6/27/2013 5:39:42 AM | Computer Name = Connor-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 6/27/2013 7:14:36 AM | Computer Name = Connor-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/6/2013 4:40:51 PM | Computer Name = Connor-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/13/2013 7:13:02 AM | Computer Name = Connor-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/18/2013 6:59:09 PM | Computer Name = Connor-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
With only 1 GB of RAM it's going to be slow loading no matter what we do but should be OK once it loads. Do the following (if a step won't work just go on to the next.) You can post the logs as you get them.

First: Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

This will remove a lot of the adware that you have had foisted on you.

Second: Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

This lets me see if some process is hogging the CPU.

Third: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Fourth: Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:

Reboot.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

This checks and tries to repair your critical system files and also shows me if there are any errors which may be slowing you down.

Fifth: Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy by right clicking and Run As Admin. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Close and Save the file then Attach the file to your next post. Uninstall Speccy.

This allows me to see the temperatures on your PC as well as the condition of your hard drive and a lot of other stuff. A hot PC is a slow PC since the CPU will run slower to protect itself. A sick drive can also slow you down if the CPU has to ask twice or more for the data it wants.

Ron
  • 0

#3
moviewatcher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi Ron,

Thanks so much for taking a look at this. Is there a way to increase the RAM? Here is the adwCleaner log. I'll continue working on the other steps. And what a lot of steps there are! :o :)

# AdwCleaner v2.306 - Logfile created 07/19/2013 at 13:49:26
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Connor - CONNOR-PC
# Boot Mode : Normal
# Running from : C:\Users\Connor\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1944 octets] - [19/07/2013 13:49:26]

########## EOF - C:\AdwCleaner[S1].txt - [2004 octets] ##########
  • 0

#4
moviewatcher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hello again Ron,

Here is the Second Step Process Explorer


Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 90.00 0 K 24 K 0
procexp.exe 6.92 20,388 K 33,120 K 1848 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 1.54 37,472 K 34,288 K 1812 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.77 43,984 K 41,132 K 1204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.77 0 K 0 K n/a Hardware Interrupts and DPCs
System < 0.01 0 K 572 K 4
csrss.exe < 0.01 1,864 K 7,216 K 632 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe < 0.01 28,304 K 39,388 K 1916 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 7,960 K 6,916 K 1368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe < 0.01 8,504 K 7,456 K 1788 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 4,252 K 3,656 K 4044 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
ezprint.exe < 0.01 7,632 K 4,236 K 2972 (Verified) Lexmark International
csrss.exe < 0.01 1,672 K 2,376 K 588 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 30,788 K 12,212 K 2096 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 57,344 K 27,980 K 1216 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
XAudio.exe 776 K 508 K 2200 Modem Audio Service Conexant Systems, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
WUDFHost.exe 3,364 K 2,100 K 2380 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wmpnscfg.exe 1,716 K 2,016 K 3976 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,904 K 5,284 K 2504 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,972 K 2,060 K 716 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,228 K 1,272 K 640 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 9,156 K 6,360 K 1884 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,988 K 3,236 K 340 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,376 K 3,564 K 948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 15,916 K 9,240 K 1552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 15,744 K 8,492 K 1164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,192 K 3,884 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 11,924 K 8,500 K 1840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,984 K 1,812 K 1320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,092 K 1,996 K 1068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,376 K 3,088 K 1468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 540 K 764 K 2052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,728 K 10,144 K 3780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 296 K 260 K 456 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SLsvc.exe 6,088 K 1,972 K 1336 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
services.exe 2,568 K 4,124 K 676 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RtHDVCpl.exe 9,856 K 2,944 K 2932 HD Audio Control Panel Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
PresentationFontCache.exe 15,044 K 13,508 K 2696 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
OSD.exe 2,416 K 1,544 K 2744 OsdMaestro main program OsdMaestro (No signature was present in the subject) OsdMaestro
msseces.exe 5,792 K 5,980 K 2984 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
MsMpEng.exe 52,524 K 8,812 K 984 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
mobsync.exe 3,312 K 3,004 K 2656 Microsoft Sync Center Microsoft Corporation (Verified) Microsoft Windows
LSSrvc.exe 1,032 K 992 K 2012 Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
lsm.exe 1,884 K 1,772 K 724 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 3,200 K 892 K 708 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
kbd.exe 9,904 K 6,792 K 3616 KBD EXE Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
igfxpers.exe 1,252 K 1,684 K 2920 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IAANTmon.exe 672 K 720 K 712 RAID Monitor Intel Corporation (No signature was present in the subject) Intel Corporation
IAAnotif.exe 3,144 K 2,332 K 2784 Event Monitor User Notification Tool Intel Corporation (No signature was present in the subject) Intel Corporation
hpwuSchd2.exe 920 K 936 K 2948 Hewlett-Packard Product Assistant Hewlett-Packard Co. (No signature was present in the subject) Hewlett-Packard Co.
hpsysdrv.exe 712 K 560 K 2704 hpsysdrv Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
hkcmd.exe 1,412 K 1,688 K 2840 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
ehtray.exe 2,140 K 1,348 K 3044 Media Center Tray Applet Microsoft Corporation (Verified) Microsoft Windows
ehmsas.exe 1,084 K 1,616 K 3192 Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
DQLWinService.exe 948 K 884 K 344 DQLWinSe Application (No signature was present in the subject)
dleamon.exe 5,652 K 2,864 K 2956 Printer Device Monitor (Verified) Lexmark International
dleacoms.exe 3,916 K 3,536 K 1832 Printer Communication System (Verified) Microsoft Windows Hardware Compatibility Publisher
audiodg.exe 15,948 K 11,856 K 1296 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
  • 0
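The Verified Signer column requested in the second step can be triaged mechanically once the log is saved. The Python sketch below is an added example, not part of the original posts; it assumes the Process Explorer text export is tab-separated with the header row shown, and its sample rows are constructed from entries in the log above. An unsigned image is a reason to look closer at the file, not a verdict on it.

```python
import csv
import io
import re

# Kernel pseudo-entries: there is no image file behind them to sign.
PSEUDO = {"System Idle Process", "System", "Interrupts"}
SIGNER_RE = re.compile(r"^\((?P<status>[^)]*)\)\s*(?P<name>.*)$")

# Constructed sample, modeled on rows from the log above. Assumption: the
# export is tab-separated and starts with this header row.
SAMPLE = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "System Idle Process\t90.00\t0 K\t24 K\t0\t\t\t",
    "Interrupts\t0.77\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
    "procexp.exe\t6.92\t20,388 K\t33,120 K\t1848\tSysinternals Process Explorer\t"
    "Sysinternals - www.sysinternals.com\t(Verified) Microsoft Corporation",
    "ezprint.exe\t< 0.01\t7,632 K\t4,236 K\t2972\t\t\t(Verified) Lexmark International",
    "OSD.exe\t\t2,416 K\t1,544 K\t2744\tOsdMaestro main program\tOsdMaestro\t"
    "(No signature was present in the subject) OsdMaestro",
    "kbd.exe\t\t9,904 K\t6,792 K\t3616\tKBD EXE\tHewlett-Packard Company\t"
    "(No signature was present in the subject) Hewlett-Packard Company",
    "DQLWinService.exe\t\t948 K\t884 K\t344\tDQLWinSe Application\t\t"
    "(No signature was present in the subject)",
])

REASON = {
    "unsigned": "no Authenticode signature",
    "unknown": "signer column empty (was Verify Image Signatures enabled?)",
    "other": "signature check did not return Verified",
}


def parse_kb(text):
    """Turn a size such as '33,120 K' into an integer number of kilobytes."""
    digits = re.sub(r"\D", "", text or "")
    return int(digits) if digits else 0


def classify_signer(field):
    """Split '(Status) Signer name' into (category, signer name)."""
    field = (field or "").strip()
    if not field:
        return ("unknown", "")
    match = SIGNER_RE.match(field)
    if not match:
        return ("other", field)
    status = match.group("status").strip().lower()
    if status == "verified":
        return ("verified", match.group("name"))
    if status.startswith("no signature"):
        return ("unsigned", match.group("name"))
    return ("other", match.group("name"))


def triage(export_text):
    """Return the processes whose image did not verify, most notable first."""
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    findings = []
    for row in reader:
        name = (row.get("Process") or "").strip()
        if not name or name in PSEUDO:
            continue
        status, signer = classify_signer(row.get("Verified Signer"))
        if status == "verified":
            continue
        reasons = [REASON[status]]
        # Missing version-info metadata on top of a missing signature leaves
        # nothing in the listing to say who published the file.
        if not (row.get("Company Name") or "").strip():
            reasons.append("no company name in version info")
        findings.append({
            "process": name,
            "pid": (row.get("PID") or "").strip(),
            "signer": signer,
            "working_set_kb": parse_kb(row.get("Working Set")),
            "reasons": reasons,
        })
    # More reasons first, then the larger memory footprint, then by name.
    findings.sort(key=lambda f: (-len(f["reasons"]), -f["working_set_kb"],
                                 f["process"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("{process} (PID {pid}): {why}".format(
            why="; ".join(finding["reasons"]), **finding))
```
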

#5
moviewatcher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ron,

I didn't have any problems with doing the "sfc /scannow". You didn't want a log from that, did you? Then I did this step "Fourth: Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application." which cleared the log??? Let me know if I should do the "sfc /scannow" over again.

Below is ESET's Service Repair log. I wanted to mention that just doing the steps you've had me do so far has already speeded up my PC! :D


Log Opened: 2013-07-19 @ 18:03:30
18:03:30 - -----------------
18:03:30 - | Begin Logging |
18:03:30 - -----------------
18:03:30 - Fix started on a WIN_VISTA X86 computer
18:03:30 - Prep in progress. Please Wait.
18:03:32 - Prep complete
18:03:32 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
18:03:34 - Services Repair Complete.
18:03:46 - Reboot Initiated
  • 0
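Added example, not part of the original posts and not code from the repair tool or SetACL: a Python check over output in the format shown above, confirming that every `.sddl` restore block reached `SetACL finished successfully.` and restored the service's root key. The sample log is constructed, and treating a missing success line or a missing root key as a failed restore is this example's own assumption.

```python
import re

# Constructed sample in the format of the Services Repair / SetACL output above.
# The wscsvc block is deliberately cut short to show an incomplete restore.
SAMPLE_LOG = r"""INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
"""

OPENED = re.compile(r"Input file for restore operation opened: '(.+?)'")
RESTORED = re.compile(r"Restoring SD of: <(.+?)>")
# Assumption: a complete restore ends with the service's own key (...\Services\<name>).
SERVICE_ROOT = re.compile(r"\\Services\\([^\\]+)$", re.IGNORECASE)


def parse_restore_log(text):
    """Group log lines into one record per .sddl backup file."""
    blocks, current = [], None
    for line in text.splitlines():
        if m := OPENED.search(line):
            current = {"file": m.group(1), "keys": [], "ok": False}
            blocks.append(current)
        elif current is None:
            continue  # ignore anything outside a restore block
        elif m := RESTORED.search(line):
            current["keys"].append(m.group(1))
        elif line.strip() == "SetACL finished successfully.":
            current["ok"] = True
            current = None  # the success line closes the block
    return blocks


def failed_restores(blocks):
    """Backup files whose block lacks the success line or the service root key."""
    return [b["file"] for b in blocks
            if not (b["ok"] and any(SERVICE_ROOT.search(k) for k in b["keys"]))]


if __name__ == "__main__":
    print(failed_restores(parse_restore_log(SAMPLE_LOG)))
```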

#6
moviewatcher

moviewatcher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Vino's Event Viewer - System

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 19/07/2013 6:34:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/07/2013 1:06:55 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Vino's Event Viewer - Application

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 19/07/2013 6:39:45 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Once is enough for sfc.

You can probably add more RAM. Can you tell me the make and model of the PC?
  • 0

#8
moviewatcher

moviewatcher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi again,

Here is the last step (Speccy). I feel bad that you have to look through all these logs. :( Since it's the weekend, I don't mind waiting till Monday for a reply.

Attached File  CONNOR-PC.txt   164.68KB   34 downloads
  • 0

#9
moviewatcher

moviewatcher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi Ron!

My computer is a Compaq Presario SR5050NX. Have a great weekend!!!
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Believe it or not I do this for fun so I don't mind reading through logs. I don't need to read every line anyway. Just scan through to the critical sections. Also I'm retired so every day is a weekend.

Your Speccy log shows your PC is running a little warm. I expect you are getting some dust buildup. Time to turn it off but leave it plugged up, open it up and clean out the dust with a vacuum cleaner hose and a small soft brush. Pay special attention to the CPU heatsink and also to the vents at the front of the PC.

Your computer can take up to 4 GB. You have 4 slots and are only using 2 so you would get a noticeable difference by adding two 512 MB DDR2 but looking on Amazon you can get 2 1 GBs for $20 + $5 shipping (about the same price as 2 512MB) so that would be the way to go. That would give you a total of 3 GB which should make a huge difference in bootup time.

Something like this should work for you:

http://www.amazon.co..._pr_product_top

You just need to make sure it is 240 Pin desktop and not laptop RAM and that it is DDR2 Non-ECC

Can be PC2 3200 (400 MHz), PC2 4200 (533 MHz) and PC2 5300 (667 MHz) DDR2 per Compaq but the 5300 would be the fastest. You have PC2 4200 in there now. Probably best if you get PC2 5300 (667) to put them in the slots where the current memory is and put the slower memory in the currently unused slots. When working with RAM, make sure PC is off but plugged up, touch the metal of the PC before touching the RAM and do not touch the gold pins. Hold the RAM by the edges and make sure it is fully seated and the little retaining clips have fully seated.

I don't see any evidence of hard drive problems but it wouldn't hurt to run a disk check:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check then restart it. The disk check should run and will probably take an hour or two to finish.

Also wouldn't hurt to defrag it. Vista is supposed to defrag automatically but it won't hurt to make sure.

http://windows.micro...-your-hard-disk

They say you can use your computer while defrag is going on. I think that's a bad idea. I would also disable the anti-virus while the defrag is running.

Just to make sure there isn't any malware hiding you can run the on-line ESET scan. This takes a while (hours) and you shouldn't use it while it runs either. Also helps to pause the anti-virus.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

You can use Firefox if you want to but it will need to install an add-on and restart Firefox before it can work.
  • 0



#11
moviewatcher

moviewatcher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi Ron,

I'm glad fixing computers is a fun hobby for you! I'm glad I found out about your site too!

I ordered the 2 GBs from Amazon as you suggested. I plan on vacuuming the computer when I install the GBs so I only have to open the computer once. Next, I started up the Disk Check and walked away from the computer. When I came back, my desktop was on display, so I assume it finished with no problems. I did the defrag next and I assume that finished okay too. I guess I was expecting pop up boxes to let me know things had finished, but I didn't get any.

I did run into a problem with ESET though. After checking Scan Archives and pushing Start, I got the message Can not get update. Is proxy configured? I tried it 3 times. I don't know what "proxy configured" means, but I'm sure you do! ;)
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
You don't have a proxy showing and there's no firewall other than Windows so I'm not sure why it is not working. Is this a company PC? Sometimes companies will have proxies, separate firewalls or filters that block traffic to certain sites. I just checked it on mine and it's working but slower than I remember so the site may be having problems. Sometimes it helps to pause your anti-virus and right click on IE and Run As Admin. If you can't get it to work we can try aswMBR instead.

Download aswMBR.exe to your desktop.
Pause your anti-virus.
Right click the aswMBR.exe and select Run As Administrator to run it.

Yes.

uncheck trace disk IO calls


Change AV scan: from Quickscan to C:\
then press SCAN. Allow the download of the Avast Engine.

I would expect it to take a few hours.
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply
  • 0

#13
moviewatcher

moviewatcher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi Ron,

This is an old computer in my house, not a company computer. ESET must have been having problems with their site because when I tried it today, it worked! Sorry, I don't have a log to copy for you. After it finished running, it said No threats found and there wasn't anything to push for Export to text file, so I checked the box to uninstall it on Close.

I guess my computer is good to go? Except for the RAM I'm waiting on. Thank you for posting the instructions on how to install them.
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.


OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow starting.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then you should go to Control panel, Java, Security and push the slider to the top. Apply.

Make sure Windows Updates is turned on and that it works. Go to Control panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#15
moviewatcher

moviewatcher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hello Again Ron,

I read through your last post and did the last OTL step, deleted the tools and logs, installed FileHippo and did the updates. I want to THANK YOU again! I'm still waiting for the RAM. Amazon informed me that it should arrive between Thursday and Tuesday. Can't wait to install it and see how fast my computer gets! :lol:
  • 0
