Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Just checking computer is clean


  • Please log in to reply

#1
ozegirl

ozegirl

    Member

  • Member
  • PipPipPip
  • 375 posts
This is a Win 7 Starter netbook. It's not used very often as it is used just to plug in some scientific tools via USB which take measurements. It is not normally used for internet though it has been used on occasion. Because of this, when it is connected to the internet there are masses of updates to download. I think the computer is clean, but just wanted to check as the last lot of updates had over 15000 file updates and the computer seems very slow. There may be some entries on the log that look "foreign" but they could relate to the scientific hardware and software, so please bear that in mind in trying to identify potential threats.

Thanks for looking.

Sorry, forgot I was supposed to copy and paste rather than attach. Here it is:

OTL logfile created on: 10/3/2013 6:56:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Howard\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1014.12 Mb Total Physical Memory | 322.93 Mb Available Physical Memory | 31.84% Memory free
1.99 Gb Paging File | 1.15 Gb Available in Paging File | 57.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 64.65 Gb Free Space | 64.65% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 117.58 Gb Free Space | 99.76% Space Free | Partition Type: NTFS
Drive L: | 464.84 Gb Total Space | 104.53 Gb Free Space | 22.49% Space Free | Partition Type: NTFS

Computer Name: ABS | User Name: Howard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/29 10:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Howard\Desktop\OTL.exe
PRC - [2013/08/29 10:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/02/18 03:18:18 | 003,696,632 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/11/23 12:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/23 00:09:54 | 000,813,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2012/08/23 00:09:34 | 000,403,328 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012/08/23 00:08:50 | 006,010,264 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012/08/18 20:18:30 | 007,017,888 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/07/24 14:13:58 | 000,941,440 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2011/01/13 15:09:38 | 000,191,304 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2011/01/12 15:22:26 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2010/11/23 05:12:34 | 001,086,888 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/16 06:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\Asus\CapsHook\CapsHook.exe
PRC - [2010/09/04 05:02:08 | 001,245,104 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/09/03 08:01:42 | 000,095,744 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2010/06/11 07:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\Asus\Eee Docking\Eee Docking.exe
PRC - [2010/06/10 08:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/04/13 17:32:40 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/04/07 15:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009/08/19 11:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/29 10:25:02 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/08/29 10:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/08/25 14:07:18 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\91c0925fd175c895d367e2d54b395ddd\Microsoft.VisualBasic.ni.dll
MOD - [2013/08/25 13:24:13 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/25 13:23:19 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/25 13:20:15 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/25 13:19:48 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/25 13:19:44 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/30 12:20:40 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/08/23 00:12:16 | 000,019,840 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2012/08/22 23:32:28 | 001,525,120 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Home\icudt38.dll
MOD - [2011/01/13 15:09:38 | 000,191,304 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2010/09/02 21:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll
MOD - [2010/06/11 07:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\Asus\Eee Docking\Eee Docking.exe


========== Services (SafeList) ==========

SRV - [2013/09/22 08:16:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/27 14:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/18 03:18:18 | 003,696,632 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/08/23 00:09:54 | 000,813,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/08/18 20:18:30 | 007,017,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/01/12 15:22:26 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2009/08/19 11:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwampfl.sys -- (btwampfl)
DRV - [2013/10/03 06:33:29 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AACBCE1-5104-4C96-9ECC-A5F31E377976}\MpKsl35e561d0.sys -- (MpKsl35e561d0)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/02/18 03:18:25 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2013/02/18 03:18:02 | 000,806,184 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2013/02/18 03:17:52 | 000,689,672 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tib_mounter.sys -- (tib_mounter)
DRV - [2013/02/18 03:17:45 | 000,139,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2013/02/18 03:17:44 | 000,099,720 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vidsflt.sys -- (vidsflt)
DRV - [2013/02/18 03:17:41 | 000,192,904 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2013/02/18 03:17:39 | 000,093,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/27 17:23:58 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/03/31 11:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/12/05 05:30:22 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/12/05 05:30:22 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/07/22 15:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/20 19:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)



O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\Asus\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E308B4-CDFB-44BB-9A5B-EED01211E0CA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E901B0C9-62DF-4B43-A359-7486C2A680F3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/03 06:56:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Howard\Desktop\OTL.exe
[2013/10/02 12:15:44 | 000,000,000 | ---D | C] -- C:\Users\Howard\AppData\Local\Adobe
[2013/09/22 07:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2013/09/19 06:08:56 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\windows\System32\dpl100.dll
[2013/09/03 19:25:43 | 000,000,000 | ---D | C] -- C:\windows\System32\MRT
[2012/01/07 13:05:53 | 537,872,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Howard\X16-18984.exe

========== Files - Modified Within 30 Days ==========

[2013/10/03 06:39:18 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/03 06:39:18 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/03 06:31:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/03 06:31:39 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/03 04:41:50 | 000,619,642 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/10/03 04:41:50 | 000,107,792 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/10/02 12:15:16 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/29 10:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Howard\Desktop\OTL.exe
[2013/09/29 10:24:39 | 000,427,824 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/09/22 07:26:55 | 000,000,000 | ---- | M] () -- C:\END
[2013/09/19 06:08:56 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\windows\System32\dpl100.dll
[2013/09/08 11:41:57 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2013/09/22 07:26:55 | 000,000,000 | ---- | C] () -- C:\END
[2013/09/08 11:41:57 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/22 08:02:01 | 000,000,082 | ---- | C] () -- C:\windows\MPLAYER.INI
[2013/01/22 07:57:41 | 001,680,896 | ---- | C] () -- C:\windows\System32\LTCLR13n.dll
[2013/01/22 07:57:34 | 000,122,880 | ---- | C] () -- C:\windows\System32\LFKODAK.DLL
[2013/01/22 07:57:33 | 000,338,944 | ---- | C] () -- C:\windows\System32\lffpx7.dll
[2012/01/07 08:56:06 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012/01/07 08:53:33 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2012/01/07 08:52:51 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2012/01/07 08:52:51 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011/02/10 17:43:55 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/18 07:12:30 | 000,000,000 | ---D | M] -- C:\Users\Howard\AppData\Roaming\Acronis
[2013/01/22 10:02:47 | 000,000,000 | ---D | M] -- C:\Users\Howard\AppData\Roaming\ASUS WebStorage
[2011/02/10 17:44:17 | 000,000,000 | ---D | M] -- C:\Users\Howard\AppData\Roaming\E-Cam
[2013/03/08 17:12:01 | 000,000,000 | ---D | M] -- C:\Users\Howard\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.Txt   46.05KB   165 downloads

Edited by ozegirl, 02 October 2013 - 05:01 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



Ron
  • 0

#3
ozegirl

ozegirl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 375 posts
Thanks very much for your quick response. A little more background on the computer first.

This laptop is used primarily for scientific measurements via a specialised piece of equipment that is connected via USB. The software that accompanies the hardware is licensed, but in order to obtain a license, it is necessary to phone and get a license key that is time-sensitive to the installation. That is to say, if the program needs to be reinstalled, a new key has to be obtained from USA (I’m in Australia) as the old key won’t work on installation due to the key being date & time dependent.

It is obviously very sensitive to particular versions of files and the time and date stamps on them as some time ago after doing a system restore I had to reinstall the program and get a new key.

For that reason I’m not real keen on doing the sfc /scannow. It may alter some files that have been tweaked for this program and that would mean having to reinstall and having to get a new license key. Are you happy for me to leave this step out? I know in most cases running this tool won’t cause problems for most people, but I don’t want to risk causing issues with this program which is needed to be up and running on a daily basis. Just from reading ahead, it seems that all the other tools will only generate logs and not cause any changes to the system?
I don’t see any peculiar behaviour with the netbook, just that it seems slow but that could just be because it has a pretty mediocre processor, etc and there is a lot of pre-installed “bloat” on there.

My main concern was whether there was also any malware. Can you tell already from the OTL log if there is any or are these other scans required to determine that? Or are you 95% sure but just checking? Or are these other scans just to determine the cause of the slowness?
I have done the first part and posted the log below. However wrt the CPU I clicked twice but then realised that the larger numbers were at the bottom so clicked again to reverse them to the top.
The file saved on the desktop was not called Procexp.txt but SystemIdle Process. I did the next step and cleared the logs and rebooted but after posting here will need to shut down again until I hear back from you.

HERE IS THE LOG:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
MsMpEng.exe 48.49 64,580 K 40,756 K 1084 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
System Idle Process 29.64 0 K 24 K 0
procexp.exe 15.39 36,116 K 53,044 K 1828 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
syncagentsrv.exe 1.67 4,160 K 3,588 K 396 TrueImage Sync Agent Service Acronis (Verified) Acronis
System 1.22 64 K 5,332 K 4
svchost.exe 1.08 7,756 K 7,808 K 1392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.51 3,564 K 3,316 K 1020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 0.51 2,088 K 5,424 K 5588 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.50 6,640 K 7,364 K 572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.25 41,748 K 60,184 K 5980 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.23 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 0.20 10,816 K 6,616 K 712 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.14 20,332 K 7,500 K 4100 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.06 45,604 K 40,596 K 1236 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
TrueImageMonitor.exe 0.04 6,600 K 3,540 K 3864 Acronis True Image Monitor Acronis (Verified) Acronis
svchost.exe 0.03 9,976 K 5,324 K 1800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ETDCtrl.exe 0.02 3,384 K 2,312 K 2740 ETD Control Center ELAN Microelectronic Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
csrss.exe 0.02 1,312 K 1,484 K 660 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
schedhlp.exe 0.01 948 K 568 K 3900 Acronis Scheduler Helper Acronis (Verified) Acronis
svchost.exe < 0.01 29,368 K 25,684 K 1268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 16,564 K 12,184 K 1572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE < 0.01 4,472 K 1,528 K 2188 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
DivXUpdate.exe < 0.01 5,828 K 1,944 K 3908 DivX Update (Verified) DivX
HotKeyMon.exe < 0.01 1,148 K 1,244 K 2956 AsEPCMon ASUSTeK Computer Inc. (No signature was present in the subject) ASUSTeK Computer Inc.
wmpnetwk.exe 5,256 K 5,112 K 4428 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 1,924 K 2,700 K 3196 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 644 K 228 K 2380 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 1,896 K 1,832 K 752 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 932 K 160 K 720 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
VAWinService.exe 9,820 K 2,956 K 2120 (Verified) VideACE Technology Co.
VAWinAgent.exe 684 K 412 K 2972 (Verified) VideACE Technology Co.
TrustedInstaller.exe 3,528 K 4,004 K 3512 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
TibMounterMonitor.exe 2,492 K 684 K 3888 Acronis TIB Monitor Acronis (Verified) Acronis
taskhost.exe 2,400 K 1,476 K 2064 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 14,184 K 7,392 K 1204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,996 K 2,988 K 944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,100 K 472 K 1480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,748 K 700 K 3292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 708 K 408 K 664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 708 K 400 K 1128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SuperHybridEngine.exe 1,460 K 632 K 2988 Eee Super Hybrid Engine ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
spoolsv.exe 6,828 K 3,024 K 1728 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 256 K 188 K 464 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 4,308 K 3,672 K 816 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
schedul2.exe 1,212 K 1,384 K 1920 Acronis Scheduler 2 Acronis (Verified) Acronis
RtHDVCpl.exe 7,264 K 1,684 K 2860 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
NisSrv.exe 5,580 K 2,420 K 4984 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
msseces.exe 4,608 K 4,736 K 3752 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
lsm.exe 1,312 K 1,340 K 840 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 4,452 K 6,056 K 832 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
LiveUpdate.exe 4,024 K 1,492 K 3060 Asus EeePC LiveUpdate for Bios, Driver, Software and Hotfix. AsusTek Computer Inc. (Verified) ASUSTeK Computer Inc.
igfxsrvc.exe 1,556 K 1,920 K 4036 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1,116 K 644 K 3400 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
HotkeyService.exe 1,764 K 1,544 K 3048 Asus Eee PC Hotkey Service ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
hkcmd.exe 1,324 K 740 K 3220 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
GrooveMonitor.exe 1,692 K 2,024 K 3108 GrooveMonitor Utility Microsoft Corporation (Verified) Microsoft Corporation
ETDCtrlHelper.exe 1,416 K 804 K 4136 ETD Control Center Helper ELAN Microelectronic Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
dwm.exe 1,388 K 2,776 K 2628 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
CapsHook.exe 1,168 K 832 K 3076 CapsAndNumKeyNotify ASUS (Verified) ASUSTeK Computer Inc.
audiodg.exe 17,384 K 15,708 K 3180 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
AsusService.exe 808 K 324 K 536 (No signature was present in the subject)
afcdpsrv.exe 3,572 K 1,464 K 1964 File Level CDP Manager Service Acronis (Verified) Acronis
acrotray.exe 1,456 K 548 K 3844 AcroTray Adobe Systems Inc. (No signature was present in the subject) Adobe Systems Inc.
  • 0

#4
ozegirl

ozegirl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 375 posts
How about I try this instead - just to be safe?

sfc /verifyonly
  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I think sfc only checks Microsoft files so I would be surprised if it upset anything but feel free to just let it verify.

Your Process Explorer log show that Microsoft Security Essentials is doing something and I'm not sure why. Is it in the middle of a scan? Whatever it is doing is the probable cause of any slowness. If it's not running a scan then it may be fighting an infection or just broken.


I don't see anything in the OTL log but OTL can't see everything any more. The FRST scan is just a scan and won't make any changes. It can see more than OTL. VEW just reads the logs to see what errors are there. You should be able to run both without worrying about things getting changed.
  • 0

#6
ozegirl

ozegirl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 375 posts
Well the good news is that I ran sfc /verifyonly and it didn’t find anything wrong.
I next downloaded and ran VEW.

Here are the logs:

SYSTEM

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/10/2013 3:55:33 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/10/2013 5:32:13 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 04/10/2013 2:50:43 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/10/2013 5:33:47 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 04/10/2013 5:33:47 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 04/10/2013 3:07:57 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 04/10/2013 2:52:15 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 04/10/2013 2:52:15 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 04/10/2013 2:31:08 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

APPLICATIONS

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/10/2013 3:56:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/10/2013 3:07:51 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-2219393609-924368189-573705304-1000:
Process 840 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2219393609-924368189-573705304-1000
Process 840 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2219393609-924368189-573705304-1000
Process 840 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2219393609-924368189-573705304-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 840 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2219393609-924368189-573705304-1000\Software\Microsoft\SystemCertificates\My
Process 840 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2219393609-924368189-573705304-1000\Software\Microsoft\SystemCertificates\CA


I NEXT DOWNLOADED SPECCY

I downloaded Speccy as per instructions but in going through setup there were a number of extra steps agreeing to software installation etc etc until I got to the main installation screen. It looked as though it wanted to install extra toolbars & stuff as well so when I got to the screen where it asked if I wanted to install “Optimise something or other” or Skip, I chose Skip as I thought this would still install the main applicaion and skip the rubbish. It ran though and when finished it appeared I had installed the News.net toolbar and widget thing but nothing else could be found re Speccy. I wasn’t liking the look of this so I uninstalled the news.net thing – had to do that twice to get rid of the newsbar as well. Think I’ll give Speccy a miss, and wait till I hear your response to the other logs before proceeding further. I presume at this stage that OTL, procexp, VEW and the Speccy Setup files can be deleted and do not require an “uninstall”. Will I be able to delete any of the extra files and registry entries these things have brought with them as I am trying to streamline the installs I have not add to them!! :happy:

Note there is no CD ROM on this machine

MSE always starts up when the computer starts up and I had just restarted before running these tools.

Edited by ozegirl, 04 October 2013 - 12:39 AM.

  • 0

#7
ozegirl

ozegirl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 375 posts
I just also noticed somewhere along the line today a thing called Browser Safeguard was installed. I think the Speccy download might have been responsible judging by the time stamp on it. I've uninstalled it as well. I don't want to install anything else that comes with "extras". Especially as sometimes the un-installation of these extras can cause issues in themselves.

Edit - Oh, my bad, looks like I might have hit the wrong download button on the download page. Bit of a trap. I read the bit about the download in the top corner but by the time I got round to doing this I obviously wasn't thinking and hit the most obvious big download button a bit further down.... sorry, not your fault.

I have now downloaded Speccy. Before running it do I need to Run as Administrator and also does it uninstall safely? Thanks

Edited by ozegirl, 04 October 2013 - 01:02 AM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Sorry about the foistware Start Download button. I use Firefox with AdBlock Plus and I never see it. Had to fire up IE to see what you were talking about. Have updated the script to say: Do not press the large Start Download button on the upper left.

Your VEW log is showing:

Log: 'System' Date/Time: 04/10/2013 5:33:47 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 04/10/2013 5:33:47 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.



This may be a sign that the PC is overheating. The CPU will slow down when it gets too hot in order to protect itself. Will know more when I see the Speccy log. Might be better to right click on the speccy install file and run as admin. I just tried it without and it seemed to work and then crashed. Tried it a second time with Run As Admin and it worked fine. It uninstalls nicely.

Going to have to go to bed now. After midnight here in the Pacific Time Zone (Orcas is an island off the west coast of Washington state. Closest city is Seattle. Google Maps Olga, WA, USA if you are curious)
  • 0

#9
ozegirl

ozegirl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 375 posts
Yes I did see and remember to click the icon "on the right" but the one at the top was quite small, I saw it but then when I saw the much larger one underneath I thought that was the one to click, relating to the icon at the top... should have known better!

Edit - just realised you mentioned the button on the left. There is also a larger one on the right, under the list of speccy downloads. Just make sure people are aware the one top right is the ONLY one they should select. :)

Overheating possibly due to the fact I have been running the netbook all day while chasing through the various processes. Will do the Speccy tomorrow. Likewise it's dinner time here now.

I had looked to see where Orcas was as I was curious! Never been in that part of the world but my son who used to work on cruise ships would have passed you back and forth several times!

Edited by ozegirl, 04 October 2013 - 01:42 AM.

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
When you run Speccy, make sure the PC has been on for a while.
  • 0

Advertisements


#11
ozegirl

ozegirl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 375 posts
Here are the final two logs. I wasn't comfortable about the amount of information to be shared online about the computer, but nevertheless I have posted it, however as well as the main serial number, I have deleted my drive serial numbers, MAC addresses, external IP address and the name of my wireless internet as well.. I think the last two should certainly be included in the instructions.


FARBAR - FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Howard (administrator) on ABS on 05-10-2013 06:51:50
Running from C:\Users\Howard\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Windows\System32\AsusService.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\Asus\Eee Docking\Eee Docking.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-04] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-10] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1086888 2010-11-23] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-16] (ASUS)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-11] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9722472 2010-08-24] (Realtek Semiconductor)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-13] ()
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-02-10] (ASUSTek Computer Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [6010264 2012-08-23] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] - C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [941440 2012-07-24] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [403328 2012-08-23] (Acronis)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKCU\...\Run: [News.net] - C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2010-09-08] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2010-09-08] (AsusTek Computer Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [813032 2012-08-23] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3696632 2013-02-18] (Acronis)
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7017888 2012-08-18] (Acronis)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()

==================== Drivers (Whitelisted) ====================

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-12-05] (FTDI Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsl04c08e8a; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA7E4B9C-51E5-4CF8-9B93-C0B08B0A6855}\MpKsl04c08e8a.sys [40392 2013-10-05] (Microsoft Corporation)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [806184 2013-02-18] (Acronis)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [689672 2013-02-18] (Acronis)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [139336 2013-02-18] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [99720 2013-02-18] (Acronis)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 btwampfl; system32\drivers\btwampfl.sys [x]
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-05 06:51 - 2013-10-05 06:51 - 00000000 ____D C:\FRST
2013-10-05 06:50 - 2013-10-05 06:49 - 01087213 _____ (Farbar) C:\Users\Howard\Desktop\FRST.exe
2013-10-05 06:34 - 2013-10-05 06:38 - 00189350 _____ C:\Users\Howard\Desktop\ABS.txt
2013-10-05 06:32 - 2013-10-05 06:32 - 00000937 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-10-05 06:32 - 2013-10-05 06:32 - 00000000 ____D C:\Program Files\Speccy
2013-10-04 17:00 - 2013-10-04 16:59 - 05552488 _____ (Piriform Ltd) C:\Users\Howard\Desktop\spsetup123.exe
2013-10-04 15:55 - 2013-10-04 15:56 - 00001769 _____ C:\VEW.txt
2013-10-04 15:54 - 2013-10-04 15:53 - 00061440 _____ ( ) C:\Users\Howard\Desktop\VEW.exe
2013-10-04 12:26 - 2013-10-04 12:26 - 00007208 _____ C:\Users\Howard\Desktop\System Idle Process.txt
2013-10-04 12:21 - 2013-10-04 12:03 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Howard\Desktop\procexp.exe
2013-10-03 07:20 - 2013-10-03 07:20 - 00058556 _____ C:\Users\Howard\Desktop\Extras.Txt
2013-10-03 07:16 - 2013-10-03 07:16 - 00047154 _____ C:\Users\Howard\Desktop\OTL.Txt
2013-10-03 06:56 - 2013-09-29 10:44 - 00602112 _____ (OldTimer Tools) C:\Users\Howard\Desktop\OTL.exe
2013-10-02 12:15 - 2013-10-02 12:15 - 00000000 ____D C:\Users\Howard\AppData\Local\Adobe
2013-10-02 10:49 - 2009-04-07 08:41 - 00050688 _____ (Atribune.org) C:\Users\Howard\Desktop\ATF-Cleaner.exe
2013-09-27 14:35 - 2013-07-31 20:30 - 12335104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-27 14:35 - 2013-07-31 20:05 - 09738752 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-27 14:35 - 2013-07-31 20:00 - 01800704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-27 14:35 - 2013-07-31 19:53 - 01104896 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-27 14:35 - 2013-07-31 19:52 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-09-27 14:35 - 2013-07-31 19:52 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-27 14:35 - 2013-07-31 19:51 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-09-27 14:35 - 2013-07-31 19:49 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-27 14:35 - 2013-07-31 19:48 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-27 14:35 - 2013-07-31 19:48 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-09-27 14:35 - 2013-07-31 19:48 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-09-27 14:35 - 2013-07-31 19:47 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-27 14:35 - 2013-07-31 19:46 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-27 14:35 - 2013-07-31 19:45 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-27 14:35 - 2013-07-31 19:45 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-09-27 14:35 - 2013-07-31 19:42 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-22 07:48 - 2013-08-08 11:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-22 07:48 - 2013-08-02 11:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-22 07:48 - 2013-08-02 11:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-22 07:48 - 2013-08-02 11:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 10:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-22 07:48 - 2013-08-02 10:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 10:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 10:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-22 07:48 - 2013-08-02 10:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-22 07:48 - 2013-07-26 11:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-22 07:48 - 2013-07-26 11:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-22 07:26 - 2013-09-22 07:26 - 00000000 _____ C:\END
2013-09-19 06:08 - 2013-09-19 06:08 - 00094208 _____ (DivX, Inc.) C:\windows\system32\dpl100.dll
2013-09-08 11:41 - 2013-09-08 11:41 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

2013-10-05 06:51 - 2013-10-05 06:51 - 00000000 ____D C:\FRST
2013-10-05 06:49 - 2013-10-05 06:50 - 01087213 _____ (Farbar) C:\Users\Howard\Desktop\FRST.exe
2013-10-05 06:38 - 2013-10-05 06:34 - 00189350 _____ C:\Users\Howard\Desktop\ABS.txt
2013-10-05 06:32 - 2013-10-05 06:32 - 00000937 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-10-05 06:32 - 2013-10-05 06:32 - 00000000 ____D C:\Program Files\Speccy
2013-10-05 06:15 - 2012-05-12 03:53 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-05 06:12 - 2009-07-14 14:34 - 00010000 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 06:12 - 2009-07-14 14:34 - 00010000 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 06:08 - 2012-01-08 00:41 - 01050533 _____ C:\windows\WindowsUpdate.log
2013-10-05 06:05 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-05 06:05 - 2009-07-14 14:39 - 00057446 _____ C:\windows\setupact.log
2013-10-04 16:59 - 2013-10-04 17:00 - 05552488 _____ (Piriform Ltd) C:\Users\Howard\Desktop\spsetup123.exe
2013-10-04 16:04 - 2012-01-07 09:28 - 00008126 _____ C:\windows\PFRO.log
2013-10-04 15:56 - 2013-10-04 15:55 - 00001769 _____ C:\VEW.txt
2013-10-04 15:53 - 2013-10-04 15:54 - 00061440 _____ ( ) C:\Users\Howard\Desktop\VEW.exe
2013-10-04 12:26 - 2013-10-04 12:26 - 00007208 _____ C:\Users\Howard\Desktop\System Idle Process.txt
2013-10-04 12:03 - 2013-10-04 12:21 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Howard\Desktop\procexp.exe
2013-10-03 07:20 - 2013-10-03 07:20 - 00058556 _____ C:\Users\Howard\Desktop\Extras.Txt
2013-10-03 07:16 - 2013-10-03 07:16 - 00047154 _____ C:\Users\Howard\Desktop\OTL.Txt
2013-10-03 06:31 - 2009-07-14 14:53 - 00032646 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-03 04:41 - 2009-09-24 06:45 - 00713888 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-02 12:29 - 2009-07-14 12:37 - 00000000 ____D C:\windows\system32\NDF
2013-10-02 12:25 - 2011-02-10 17:48 - 00000000 ____D C:\Program Files\Windows Live
2013-10-02 12:15 - 2013-10-02 12:15 - 00000000 ____D C:\Users\Howard\AppData\Local\Adobe
2013-10-01 10:55 - 2009-07-14 12:37 - 00000000 ____D C:\windows\rescache
2013-09-29 10:44 - 2013-10-03 06:56 - 00602112 _____ (OldTimer Tools) C:\Users\Howard\Desktop\OTL.exe
2013-09-29 10:24 - 2009-07-14 14:33 - 00427824 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-27 14:38 - 2012-01-07 13:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-27 14:23 - 2013-09-03 19:25 - 00000000 ____D C:\windows\system32\MRT
2013-09-27 14:16 - 2012-04-18 18:05 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-22 08:16 - 2012-05-12 03:53 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-22 08:16 - 2012-01-07 11:53 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 08:03 - 2012-01-07 08:51 - 00111944 _____ C:\Users\Howard\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-22 07:38 - 2013-01-10 12:38 - 00000000 ____D C:\ProgramData\DivX
2013-09-22 07:36 - 2013-01-10 12:40 - 00000000 ____D C:\Program Files\DivX
2013-09-22 07:34 - 2013-01-10 12:44 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-22 07:26 - 2013-09-22 07:26 - 00000000 _____ C:\END
2013-09-19 06:08 - 2013-09-19 06:08 - 00094208 _____ (DivX, Inc.) C:\windows\system32\dpl100.dll
2013-09-08 11:41 - 2013-09-08 11:41 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

Files to move or delete:
====================
C:\Users\Howard\X16-18984.exe


Some content of TEMP:
====================
C:\Users\Howard\AppData\Local\Temp\System.Data.SQLite.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 10:46

==================== End Of Log ============================

FARBAR - ADDITION

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Howard at 2013-10-05 06:53:28
Running from C:\Users\Howard\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 1.1.0)
AC3Filter 1.62b (Version: 1.62b)
Adobe Acrobat 7.0 Professional (Version: 7.0.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Reader X MUI (Version: 10.0.0)
ASUS WebStorage (Version: 3.0.108.222)
AsusScreensaver (Version: 1.04)
ASUSUpdate for Eee PC (Version: 1.04.01)
AsusVibe2.0 (Version: 2.0.9.157)
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
Bing Rewards Client Installer (Version: 16.0.345.0)
Broadcom Wireless Network Adapter (Version: 1.00.0000)
CapsHook (Version: 1.0.0.7)
Chicken Invaders 2
ColorLuminator Version 1.40
CyberLink PowerRecover (Version: 5.6.1622)
D3DX10 (Version: 15.4.2368.0902)
DivX Setup (Version: 2.6.1.84)
Download Navigator (Version: 1.1.0)
E-Cam (Version: 2.0.3.0)
Eee Docking 3.8.1 (Version: 3.8.1)
EPSON Scan
EPSON WF-7520 Series Printer Uninstall
EpsonNet Print (Version: 2.5.00)
ETDWare PS/2-x86 7.0.5.11_WHQL (Version: 7.0.5.11)
ExpressGateCloud (Version: 2.7.25.173)
FontResizer (Version: 1.01.0011)
Game Park Console (Version: 6.2.0.3)
Hotkey Service (Version: 1.32)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2364)
Intel® Rapid Storage Technology (Version: 9.6.4.1002)
Junk Mail filter update (Version: 15.4.3502.0922)
LiveUpdate (Version: 1.25)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Messenger 사이트 공유 (Version: 15.4.3502.0922)
Messenger 分享元件 (Version: 15.4.3502.0922)
Messenger 浏览器插件 (Version: 15.4.3502.0922)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Ralink RT2860 Wireless LAN Card (Version: 1.5.1.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6186)
Speccy (Version: 1.23)
Super Hybrid Engine (Version: 2.16)
syncables desktop SE (Version: 5.5.746.11492)
True Image 2013 (Version: 16.0.5551)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VNC Viewer 5.0.3 (Version: 5.0.3)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Live 메일 (Version: 15.4.3502.0922)
Windows Live 사진 갤러리 (Version: 15.4.3502.0922)
Windows Live 필수 패키지 (Version: 15.4.3502.0922)
Windows Live 影像中心 (Version: 15.4.3502.0922)
Windows Live 照片库 (Version: 15.4.3502.0922)
Windows Live 程式集 (Version: 15.4.3502.0922)
Windows Live 软件包 (Version: 15.4.3502.0922)

==================== Restore Points =========================

03-09-2013 09:22:29 Windows Update
08-09-2013 01:44:05 Windows Update
21-09-2013 21:24:40 Windows Update
27-09-2013 04:15:13 Windows Update
30-09-2013 22:09:41 Windows Update
02-10-2013 02:22:19 Removed Windows Live Mesh ActiveX Control for Remote Connections
02-10-2013 02:23:22 Removed 원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤
02-10-2013 02:23:58 删除了 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
02-10-2013 02:24:34 已移除 適用遠端連線的 Windows Live Mesh ActiveX 控制項
02-10-2013 02:25:15 Removed Microsoft Silverlight
04-10-2013 02:15:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 12:04 - 2009-06-11 07:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {27E7687F-3CEA-4ABC-ABD4-15EE730F2801} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-22] (Adobe Systems Incorporated)
Task: {A4599644-0866-48C7-AE24-53859FDCFD1F} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-09-02 21:08 - 2010-09-02 21:08 - 00118784 _____ () C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll
2012-08-23 00:12 - 2012-08-23 00:12 - 00019840 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2009-03-02 12:08 - 2009-03-02 12:08 - 00003584 _____ () C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper.dll
2012-08-22 23:32 - 2012-08-22 23:32 - 01525120 _____ () C:\Program Files\Common Files\Acronis\Home\icudt38.dll
2013-08-29 10:25 - 2013-08-29 10:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/05/2013 06:05:27 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/04/2013 05:44:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/04/2013 05:15:34 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/04/2013 04:08:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/04/2013 04:04:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/04/2013 04:02:12 PM) (Source: Service Control Manager) (User: )
Description: The NewsNetService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/04/2013 04:00:47 PM) (Source: Service Control Manager) (User: )
Description: The NewsNetService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/04/2013 03:32:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/04/2013 00:50:43 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 1014.12 MB
Available physical RAM: 314.9 MB
Total Pagefile: 2038.12 MB
Available Pagefile: 1213.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:64.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:117.58 GB) NTFS
Drive l: (share) (Network) (Total:464.84 GB) (Free:94.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: DF58663B)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

==================== End Of Log ============================
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
You can uninstall Speccy.

If you don't use it and I can't see why you would you can also uninstall Windows Live.

The only thing I see is the temps are a bit high. I would download Speedfan, http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop.
Also prop up the back of the laptop with a book (don't block the vents) to help heat flow. Never use it on a soft surface like a bed which might block the vents.

Your hard drive looks pretty good despite the fact that it has experienced a lot of shocks.


I would update Intel® Rapid Storage Technology. You're at version 9 and they have version 12 out. There were a lot of problems with early versions.

https://downloadcent...

You don't have much memory - just 1 GB. Your Windows Starter version can take up to 2 GB so you might consider an increase. I think you would see a big improvement with boot time with 2 GB.

I'm not seeing any malware. IF you want a second opinion then I would run ESET's free online scan:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

I always advise having a second browser like Firefox or Chrome installed in case something happens to IE.

I think we can clean up now. Since you are concerned I will delete your speccy post.


You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#13
ozegirl

ozegirl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 375 posts

If you don't use it and I can't see why you would you can also uninstall Windows Live.

Already planned to do this.

check Automatic Fan Speed.

Wondered if this could be a problem. Will keep a closer eye on it.

I would update Intel® Rapid Storage Technology.

As far as I know, I'm not running this even though it is installed. I think I may have opted out of the updates for this. I googled a bit and there seems to be a bit of split opinion as to whether it should be removed - on the one hand if you have no use for it, but then again another line of thinking if it ain't broke.... any comments on this?

I always advise having a second browser like Firefox or Chrome installed in case something happens to IE.


I use Firefox on my own computer but this one requires IE for the scientific instrument to operate, so there's no point having another browser. (It doesn't use the internet, it just generates an output file in HTML, but needs to be specifically IE). If anything were to happen to IE, it would have to be reinstalled anyway. As said before, the internet is really only used on this device to download updates as it is primarily a measuring instrument. It doesn't even have an email account on it. The only time it has been used for web browsing was when we took it on our overseas trip last year to check in to webmail. However as it does have wifi capability it does mean that if my husband takes it out to a site to do a measurement that it can search for wireless networks. He's a bit of a noob when it comes to wifi security awareness and he told me the other day that he thought the netbook had connected to an unsecured network of it's own accord. This was based on the fact that he noticed it was "downloading" updates. However he has since told me that maybe it was installing updates that had previously downloaded, he really didn't know the difference. I was a bit concerned at the thought that it was possible to connect to an unknown network automatically, as in my experience, it had always been necessary to select a network to connect to, whether secure or not. Strangely though on googling this phenomenon I found several counts of others having the same issue i.e. automatically connecting to an unsecured network which had previously not been used or saved as a preferred network. It was that, combined with the huge number of updates and the slowness of the computer that had me a bit concerned. I couldn't see any entry evidence of malware and MSE reported clean but I also know that malware doesn't always announce itself so obviously. I have advised my husband to use the toggle button on the laptop to turn off wifi before he takes it out anywhere just to be safe. The only time it really needs any network connection is at home for printing purposes or to transfer files.

Be warned: If you use Limewire, utorrent or any of the other P2P programs

Glad to say I don't use any of these, but try telling my sons to get rid of these on their computers :angry:

If you have a router, log on to it today and change the default password!


I presume you mean change the default password that comes with it to something else (which I have already done) as opposed to changing it again...

Our router has not only a password but an access control list ie even with the password only MAC addresses listed to have access have permission to use it. (A reason I didn't want to list MAC addresses in the logs). As far as I know it is using the best encryption available....

Thanks for all the other advice also, will start cleaning up some stuff now....
  • 0

#14
ozegirl

ozegirl

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 375 posts
I deleted some things from Task Scheduler also that I can run when I want to myself. I found one task though as follows:

EC620C59-3AFB-4FBD-9551-ECE02FBBC639

which was to run when ever task started. Any idea what that could be? Also down the bottom it was selected as configured for Windows Vista and Windows Server 2000 which is weird because I have Win 7.

Some of the other tasks I was going to edit from once a day to once a week or month but although I could alter this setting, the OK button at the bottom required to save the new setting became greyed out as soon as I did so, which meant I couldn't make the change. Tried running as administrator too. Does Task Scheduler have to be stopped in order to make the changes? In the end I just disabled or deleted those things but would like to know what's going on... if you can help :)

Edit: I googled and found nothing on that alphanumeric string, however although a search on Yahoo also found nothing, 3 sponsored links relating to electronic engineering & robotics came up (tried this twice and got same result). Probably something to do with the instrument used on the machine so I'll leave it.Still curious about how to edit task scheduler though.

Edited by ozegirl, 04 October 2013 - 10:40 PM.

  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I just remembered that MSE was hogging your CPU when we ran Process Explorer. Has that stopped? If not you need to reinstall it. If you have already uninstalled Process Explorer you can just right click on the clock and select Task Manager then Processes then click twice on the CPU column header. (You need to check the box to show processes from all users) That should show you what is going on. We normally expect System Idle to be around 95%.

As for Task Scheduler it is a real pain to kill off tasks that came with Window but not so hard with the others.

Put

Task Scheduler

in the search box and wait until it finds it then right click on it and Run As Admin. Click on Task Scheduler Library and look in the right pane. It helps to grab the divider between Name and Status and slide it to the right so you can read the whole name. Find your task EC620C59-3AFB-4FBD-9551-ECE02FBBC639 and click on it. Now look in the bottom pane and click on Action and it should tell you what file it is trying to run. The fact that it talks about Windows Vista and Windows Server 2000 probably indicates the program is fairly old and hasn't been updated for Win 7 so it has to run in Compatibility mode.

If you want to change how often a task runs then right click on in the top pane and select Properties then Triggers then Edit.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP