
Solved Unidentified Network

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#1
I have several PCs on my wired gigabit network. A Windows 7 PC has started intermittently failing to connect after boot up. No other PCs are affected. 3 PCs are connected to the router, and an uplink goes to a 16 port switch.

What happens is the Win7 PC does not have internet or LAN connectivity, so whilst the PC is on I disconnect the LAN cable from the router and connect a cable from the gigabit switch to the PC and the PC connects. After it is connected I then disconnect the switch cable to the PC and plug the PC back into the router, and all is good for perhaps 4 or 5 reboots when the scenario repeats itself. I have swapped the LAN cables with new ones to no avail.

The onboard LAN drivers are up to date, and Device Manager shows no problems.
When there is no connectivity the Network and Sharing Centre shows "unidentified network".

I know the PC has to be playing up to try and diagnose the issue, so next time where's the best start point? I'm wondering if my router is having an issue?
 

Malnutrition

Still Hungry
iHF Master Craftsman
#2
Can you run the tool below when the connection is fine and when it is acting up please.

Post both logs....

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.
 

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#4
Is the router a 100 meg and is the pc a gig lan card make and model of router and switch? Is the lan card set to auto negotiate
Hi Samurai, the router is an Asus RT-N16, the switch is a D-Link DGS-1016A. Everything is gigabit including the PC LAN interface. Speed and duplex of the onboard LAN is auto negotiate.
thanks
 

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#5
Can you run the tool below when the connection is fine and when it is acting up please.

Post both logs....

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.
Here it is, thanks. I'll post the non-working result next time it plays up.

Minitoolbox log.


MiniToolBox by Farbar Version: 23-01-2014
Ran by John (administrator) on 06-06-2014 at 09:33:21
Running from "C:\Users\John\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection 2 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection" address=192.168.137.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : win7i7
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
Physical Address. . . . . . . . . : 00-24-1D-CF-CF-F6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e1da:f3e1:8a9e:3586%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.113(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, 6 June 2014 9:18:57 AM
Lease Expires . . . . . . . . . . : Saturday, 7 June 2014 9:18:56 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 301999133
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-DE-E3-8A-00-24-1D-CF-CF-E6
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-24-1D-CF-CF-E6
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8492EACB-B276-4CCF-9CDD-BB6F528D3351}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B645A504-6691-49D0-9A17-86F82C8AE05F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:38d7:1a16:3f57:fe8e(Preferred)
Link-local IPv6 Address . . . . . : fe80::38d7:1a16:3f57:fe8e%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: www.asusnetwork.net
Address: 192.168.1.1

Name: google.com
Addresses: 2404:6800:4006:806::1008
74.125.237.135
74.125.237.134
74.125.237.133
74.125.237.142
74.125.237.132
74.125.237.131
74.125.237.136
74.125.237.128
74.125.237.129
74.125.237.137
74.125.237.130


Pinging google.com [74.125.237.130] with 32 bytes of data:
Reply from 74.125.237.130: bytes=32 time=11ms TTL=54
Reply from 74.125.237.130: bytes=32 time=10ms TTL=54

Ping statistics for 74.125.237.130:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 11ms, Average = 10ms
Server: www.asusnetwork.net
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
206.190.36.45
98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=202ms TTL=48
Reply from 98.138.253.109: bytes=32 time=195ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 195ms, Maximum = 202ms, Average = 198ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 24 1d cf cf f6 ......Realtek PCIe GBE Family Controller #2
10...00 24 1d cf cf e6 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.113 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.113 266
192.168.1.113 255.255.255.255 On-link 192.168.1.113 266
192.168.1.255 255.255.255.255 On-link 192.168.1.113 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.113 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.113 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:6abd:38d7:1a16:3f57:fe8e/128
On-link
11 266 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::38d7:1a16:3f57:fe8e/128
On-link
11 266 fe80::e1da:f3e1:8a9e:3586/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/24/2014 02:21:43 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ca2f153c-6fbb-4280-8c31-9644fa0ac695}

Error: (05/21/2014 00:23:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 24.5.0.5222, time stamp: 0x53529ac4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1034
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/19/2014 10:58:32 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {df002769-1e30-4ca6-b9c5-fafa288e1f46}

Error: (05/13/2014 00:25:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: palemoon.exe, version: 24.5.0.5222, time stamp: 0x53529afd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x261bf948
Faulting process id: 0x1498
Faulting application start time: 0xpalemoon.exe0
Faulting application path: palemoon.exe1
Faulting module path: palemoon.exe2
Report Id: palemoon.exe3

Error: (05/13/2014 10:21:46 AM) (Source: Application Hang) (User: )
Description: The program RevoUninPro.exe version 3.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e18

Start Time: 01cf6e4111d21a11

Termination Time: 4

Application Path: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe

Report Id: 8f0e635d-da34-11e3-b37b-00241dcfcfe6

Error: (05/13/2014 10:20:15 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0488ae52-3416-48b1-845b-2726029d01fd}

Error: (05/09/2014 02:40:51 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {cac3a6b2-f4a9-4225-a962-3244bd910664}

Error: (05/08/2014 03:38:59 PM) (Source: Application Hang) (User: )
Description: The program palemoon.exe version 24.5.0.5222 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1fd0

Start Time: 01cf6a70cc1ab004

Termination Time: 135

Application Path: C:\Program Files\Pale Moon\palemoon.exe

Report Id: 09efcfed-d673-11e3-941d-00241dcfcfe6

Error: (05/08/2014 03:38:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 24.5.0.5222, time stamp: 0x53529ac4
Faulting module name: mozalloc.dll, version: 24.5.0.5222, time stamp: 0x53528f3a
Exception code: 0x80000003
Fault offset: 0x000011fc
Faulting process id: 0x1aa0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/08/2014 03:37:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: palemoon.exe, version: 24.5.0.5222, time stamp: 0x53529afd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1fd0
Faulting application start time: 0xpalemoon.exe0
Faulting application path: palemoon.exe1
Faulting module path: palemoon.exe2
Report Id: palemoon.exe3


System errors:
=============
Error: (06/06/2014 09:20:58 AM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (06/06/2014 09:18:58 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RecAgent

Error: (06/06/2014 09:18:50 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (06/06/2014 09:18:47 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (06/05/2014 02:59:20 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (06/05/2014 00:14:38 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (06/05/2014 00:12:42 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (06/05/2014 00:12:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RecAgent

Error: (06/05/2014 00:12:32 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (06/05/2014 00:12:29 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (05/24/2014 02:21:43 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ca2f153c-6fbb-4280-8c31-9644fa0ac695}

Error: (05/21/2014 00:23:37 PM) (Source: Application Error)(User: )
Description: plugin-container.exe24.5.0.522253529ac4unknown0.0.0.000000000c000000500000000103401cf748383df47fdC:\Program Files\Pale Moon\plugin-container.exeunknowne9b23178-e08e-11e3-bec2-00241dcfcfe6

Error: (05/19/2014 10:58:32 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {df002769-1e30-4ca6-b9c5-fafa288e1f46}

Error: (05/13/2014 00:25:51 PM) (Source: Application Error)(User: )
Description: palemoon.exe24.5.0.522253529afdunknown0.0.0.000000000c0000005261bf948149801cf6e4215084475C:\Program Files\Pale Moon\palemoon.exeunknowne6351d66-da45-11e3-b37b-00241dcfcfe6

Error: (05/13/2014 10:21:46 AM) (Source: Application Hang)(User: )
Description: RevoUninPro.exe3.0.8.01e1801cf6e4111d21a114C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe8f0e635d-da34-11e3-b37b-00241dcfcfe6

Error: (05/13/2014 10:20:15 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0488ae52-3416-48b1-845b-2726029d01fd}

Error: (05/09/2014 02:40:51 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {cac3a6b2-f4a9-4225-a962-3244bd910664}

Error: (05/08/2014 03:38:59 PM) (Source: Application Hang)(User: )
Description: palemoon.exe24.5.0.52221fd001cf6a70cc1ab004135C:\Program Files\Pale Moon\palemoon.exe09efcfed-d673-11e3-941d-00241dcfcfe6

Error: (05/08/2014 03:38:59 PM) (Source: Application Error)(User: )
Description: plugin-container.exe24.5.0.522253529ac4mozalloc.dll24.5.0.522253528f3a80000003000011fc1aa001cf6a70d9e59ee7C:\Program Files\Pale Moon\plugin-container.exeC:\Program Files\Pale Moon\mozalloc.dll0d9b0b5d-d673-11e3-941d-00241dcfcfe6

Error: (05/08/2014 03:37:16 PM) (Source: Application Error)(User: )
Description: palemoon.exe24.5.0.522253529afdunknown0.0.0.000000000c0000005000000001fd001cf6a70cc1ab004C:\Program Files\Pale Moon\palemoon.exeunknowncfd15631-d672-11e3-941d-00241dcfcfe6


=========================== Installed Programs ============================

******** (Version: 2.2.0)
32 Bit HP CIO Components Installer (Version: 8.1.2)
Acronis True Image 2014 (Version: 17.0.6673)
Adobe Flash Player 13 Plugin (Version: 13.0.0.206)
AIO_CDA_ProductContext (Version: 130.0.365.000)
AIO_CDA_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.365.000)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Ashampoo Burning Studio 14 v.14.0.1 (Version: 14.0.1)
Ashampoo Photo Commander 11 v.11.0.3 (Version: 11.0.3)
ASUS Xonar DS Audio Driver
Audacity 2.0.2 (Version: 2.0.2)
avast! Free Antivirus (Version: 9.0.2018)
BUFFALO NAS Navigator2
BufferChm (Version: 130.0.331.000)
Bulk Rename Utility 2.7.1.2
C6100 (Version: 130.0.365.000)
c6100_Help (Version: 82.0.256.000)
CCleaner (Version: 4.10)
CloneCD
Copy (Version: 130.0.428.000)
Corel Paint Shop Pro Photo X2 (Version: 12.010.0000)
Crystal Reports for .NET Framework 2.0 (x86) (Version: 10.2.0)
D3DX10 (Version: 15.4.2368.0902)
Daum PotPlayer 1.5.33820
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp Dalet Codec
dBpoweramp DSP Effects (Version: Release 6)
dBpoweramp FLAC Codec (Version: Release 12 (FLAC 1.2.1))
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec (Version: Release 2a (v4.0.3))
dBpoweramp Music Converter (Version: Release 14)
dBpoweramp Ogg Vorbis Codec (Version: Release 19 (Vorbis v1.2.0))
dBpoweramp Real Audio (Helix) Encoder
dBPoweramp tooLame MP2 codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
Definition update for Microsoft Office 2010 (KB982726)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
D-Link DU-562M External Modem
Fax (Version: 130.0.418.000)
FontExpert 2009
Foxit PhantomPDF (Version: 5.4.0.902)
Free Registry Defrag
Free YouTube Download version 3.2.35.514 (Version: 3.2.35.514)
GetSmile v1.952 (Version: 1.952)
Gigabyte Raid Configurer (Version: 1.00.0000)
GPBaseService2 (Version: 130.0.371.000)
Holiday Lights 5.4
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (Version: 13.0)
HP Solution Center 13.0 (Version: 13.0)
HPPhotoGadget (Version: 130.0.282.000)
HPProductAssistant (Version: 130.0.371.000)
Icon Restore 1.0
Inpaint 2.4
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Magic ISO Maker v5.5 (build 0276)
Magic ISO Maker v5.5 (build 0281)
MailWasher Pro
Malwarebytes' Anti-Malware version 1.51.0.1200 (Version: 1.51.0.1200)
MediaMonkey 4.1 (Version: 4.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (Version: 3.5.0.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MiniTool Partition Wizard Home Edition 7.5
Movie Maker (Version: 16.4.3503.0728)
MozBackup 1.4.10
Mozilla Thunderbird 24.3.0 (x86 en-US) (Version: 24.3.0)
MSConfig CleanUp 1.2
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MYOB AccountRight Standard v19 (Version: 19.0.0)
MYOB ODBC Direct v10 AUS (Version: 10.0.0)
Network (Version: 130.0.572.000)
NVIDIA Control Panel 310.70 (Version: 310.70)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 310.70 (Version: 310.70)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA PhysX (Version: 9.12.1031)
Okdo Document Converter Professional 4.5
OpenAL
Pale Moon 24.5.0 (x86 en-US) (Version: 24.5.0)
PDF Password Remover v3.0
Photo Common (Version: 16.4.3503.0728)
Photo Gallery (Version: 16.4.3503.0728)
PS_SF_02_Software (Version: 130.0.365.000)
PS_SF_02_Software_Min (Version: 130.0.365.000)
PVSonyDll (Version: 1.00.0001)
Quicken 2010 (Version: 19.1.1.19)
Realtek Ethernet Controller Driver (Version: 7.49.927.2011)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0)
Revo Uninstaller Pro 3.0.8 (Version: 3.0.8)
RFFlow
Scan (Version: 13.0.0.0)
SolSuite 2013 v13.0 (Version: 13.0)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
TeraCopy 2.27
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
UBitMenu UK (Version: 01.04)
UnloadSupport (Version: 11.0.0)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
ViceVersa Pro 2.5 (Build 2501) (Version: 2)
VideoReDo TVSuite Version 4.20.7.629
VueScan
WebReg (Version: 130.0.132.017)
WinCatalog Light (remove only)
Windows Live Communications Platform (Version: 16.4.3503.0728)
Windows Live Essentials (Version: 16.4.3503.0728)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3503.0728)
Windows Live Photo Common (Version: 16.4.3503.0728)
Windows Live PIMT Platform (Version: 16.4.3503.0728)
Windows Live SOXE (Version: 16.4.3503.0728)
Windows Live SOXE Definitions (Version: 16.4.3503.0728)
Windows Live UX Platform (Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)
Windows7FirewallControl (i386) 4.1.21.93 (Version: 4.1.21.93)
Winmail Reader 1.1.12
WinRAR 4.11 (32-bit) (Version: 4.11.0)

========================= Devices: ================================

Name: hp LaserJet 4200
Description: hp LaserJet 4200
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3575.24 MB
Available physical RAM: 2240.6 MB
Total Pagefile: 7148.77 MB
Available Pagefile: 5742.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.38 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:1862.92 GB) (Free:1689.66 GB) NTFS
2 Drive d: () (Fixed) (Total:1863.01 GB) (Free:952.35 GB) NTFS
5 Drive g: (PORT APPS) (Removable) (Total:7.44 GB) (Free:0.66 GB) FAT32

========================= Users: ========================================

User accounts for \\WIN7I7

Administrator Guest John


**** End of log ****
 


Samuria

Network Specalist
Moderator
#6
Try setting a fixed IP, see if it cures it; it sounds as if it's not reaching the DHCP server. Set as follows:

IPv4 Address. . . . . . . . . . . : 192.168.1.33
Subnet Mask . . . . . . . . . . . : 255.255.255.0

dns 208.67.220.220 & 208.67.222.222
Default Gateway . . . . . . . . . : 192.168.1.1
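
The comparison asked for earlier in the thread (one capture when the connection is fine, one when it is acting up), as an added example that is not part of any post here: it parses the `ipconfig /all` text that MiniToolBox embeds and reports what changed on each Ethernet adapter. The working capture is trimmed from the log above; the failing capture is constructed (no failing log was posted), and the finding codes are this example's own names.

```python
import ipaddress
import re

# Only wired adapters are examined; tunnel adapters (ISATAP, Teredo, 6to4) are ignored.
HEADER = re.compile(r"^\s*Ethernet adapter (.+):\s*$")
# "Key . . . . : value" -> key, value (the value may be empty).
FIELD = re.compile(r"^\s*(.+?)(?:\s?\.)+\s:\s*(.*)$")

# Trimmed from the working-state log posted in this thread.
WORKING = """\
Ethernet adapter Local Area Connection 2:

   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.113(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : No
"""

# Constructed sample: what a capture looks like when no DHCP answer arrives.
FAILING = """\
Ethernet adapter Local Area Connection 2:

   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.53.134(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : No
"""


def parse_ipconfig(text):
    """Return {adapter name: {field: value}} for the Ethernet adapters."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        if re.match(r"^\s*[\w ]+ adapter .+:\s*$", line):
            current = None  # a non-Ethernet adapter section starts here
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return adapters


def findings(fields):
    """Return finding codes (names local to this example) for one adapter."""
    if fields.get("Media State") == "Media disconnected":
        return ["no-link"]  # cable, port or NIC: nothing above layer 1 to check
    out = []
    dhcp = fields.get("DHCP Enabled") == "Yes"
    # Windows labels a self-assigned address "Autoconfiguration IPv4 Address".
    addr = next((v for k, v in fields.items() if k.endswith("IPv4 Address")), "")
    if not addr:
        out.append("no-ipv4")
    else:
        try:
            if ipaddress.ip_address(addr.split("(")[0]).is_link_local:
                out.append("apipa")  # 169.254.0.0/16: the DHCP request went unanswered
        except ValueError:
            out.append("bad-ipv4")
    if dhcp and not fields.get("DHCP Server"):
        out.append("dhcp-no-server")
    if not dhcp and addr:
        out.append("static")  # DHCP is bypassed, so this state says nothing about it
    if not fields.get("Default Gateway"):
        out.append("no-gateway")
    return out


def regressions(working_text, failing_text):
    """Findings present in the failing capture but absent from the working one."""
    good = {n: set(findings(f)) for n, f in parse_ipconfig(working_text).items()}
    bad = {n: findings(f) for n, f in parse_ipconfig(failing_text).items()}
    return {n: [c for c in codes if c not in good.get(n, set())]
            for n, codes in bad.items()}


if __name__ == "__main__":
    for name, codes in regressions(WORKING, FAILING).items():
        print(name, "->", codes or "no change")
```

An `apipa` plus `no-gateway` result on the adapter that normally holds a lease points at the DHCP exchange rather than at DNS or the browser, which is the case the fixed-IP test above is meant to confirm.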
 

Malnutrition

Still Hungry
iHF Master Craftsman
#7
Your version of Malwarebytes is really outdated....

Please remove the following item below from your add remove programs and then reboot.


Malwarebytes' Anti-Malware version 1.51.0.1200 (Version: 1.51.0.1200)



Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits



Go back to the Dashboard and select Scan Now



If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log



Please download Junkware Removal Tool and save it on your desktop.



    • Shut down your anti-virus, anti-spyware, software to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log is saved to your desktop and will automatically open.
    • Please attach the JRT log.
Please download AdwCleaner by Xplode onto your desktop.



    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#8
Thank you Samurai, changed as per your recommendation, and no problems yet, will report after a little more time.
Thanks again.
 

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#9
Thank you for the concise response, here are the results


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x86
Ran by John on Sat 07/06/2014 at 13:40:01.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\dvdvideosoftiehelpers"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/06/2014 at 13:42:09.27
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v3.212 - Report created 07/06/2014 at 14:12:01
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : John - WIN7I7
# Running from : C:\Users\John\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


*************************

AdwCleaner[R0].txt - [1022 octets] - [07/06/2014 13:55:46]
AdwCleaner[S0].txt - [957 octets] - [07/06/2014 14:12:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1016 octets] ##########
 


Malnutrition

Still Hungry
iHF Master Craftsman
#10
Disable IPv6
http://support.microsoft.com/kb/929852

Remove the tunnel adapters, with this Ms Fixit.

I suggest that you download CCleaner, then run it, hit the Options button, then Settings, and put a tick next to Run CCleaner when the computer starts.
Also when in Options, go to the Advanced tab and put a tick next to Close program after cleaning.
This will automate the temporary file removal on your machine and keep it speedy.
Disable all of the start ups on the machine except your antivirus.
To disable, hit the Tools button, then the Startup button, then Disable.

Some junk was removed; let's remove some more if present.


Download Zoek (By Smeenk) and save that file to your Desktop.
http://www.hijackthi...220813/zoek.zip
Disable your antivirus prior to running this scan or even downloading Zoek.
Double click zip file and extract to your Desktop:
Right Click on Zoek.exe Run as Admin.
Copy the lines inside CodeBox:

Code:
iedefaults;
resethosts;
ipconfig /flushdns >> %temp%\log.txt;b
firefoxlook;
chromelook;
emptyclsid;
emptyalltemp;
empty directory check, delete
emptyfolderscheck;delete
autoclean;

Right click on any white part of Zoek and select the paste option.
Click the button [Run Script]
This scan can take some time to complete; this is normal.
The program will most likely request a reboot; please do so.
At the end of the scan, a report will be generated at the following location: C:\zoek-results.txt
Attach the log here in your next reply.
 

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#11
Hello again and thanks,
IPv6 is now disabled
Tunnel adapters are removed
I already had ccleaner which is up to date, everything in startup, except avast, disabled, ccleaner run and some few items cleaned.

Avast disabled and Zoek downloaded and run as requested, and the log file attached.

I take it, now the disabled startup items can be now re-enabled, as I have learned over the years that acronis can be a real bitch without a couple of startups?

Thank you for your patience with this, here is the log you requested.


Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by John on Sun 08/06/2014 at 10:52:58.57.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\John\Desktop\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/06/2014 10:54:33 AM Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\AGEIA Technologies deleted successfully
C:\Program Files\MSECACHE deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\PROGRA~2\Adobe deleted successfully
C:\Users\John\AppData\Roaming\AccurateRip deleted successfully
C:\Users\John\AppData\Roaming\cryptlib deleted successfully
C:\Users\John\AppData\Roaming\Downloaded Installations deleted successfully
C:\Users\John\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\John\AppData\Roaming\stickies deleted successfully
C:\Users\John\AppData\Roaming\XnView deleted successfully
C:\Users\John\AppData\Local\Adobe deleted successfully
C:\Users\John\AppData\Local\Opera deleted successfully
C:\Users\John\AppData\Local\Songbird2 deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\John\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\xkxyxzkv.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20140806_1100_.backup

ProfilePath: C:\Users\John\AppData\Roaming\Thunderbird\Profiles\qd0q0kvh.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140806_1100_.backup

==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Users\John\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\Users\John\AppData\Roaming\burnaware.ini deleted
C:\Users\John\AppData\Roaming\cdr.ini deleted
C:\Users\John\AppData\Roaming\Drives Meter_Settings.ini deleted
C:\Users\John\AppData\Roaming\GPU MeterV2_Settings.ini deleted
C:\Users\John\AppData\Roaming\NetScanner.ini deleted
C:\Users\John\AppData\Roaming\Weather Meter_Settings.ini deleted
C:\Windows\System32\tempdir deleted
C:\Windows\System32\tmp42D9.tmp deleted
C:\Windows\System32\tmp5BF4.tmp deleted
C:\Windows\System32\tmp5C05.tmp deleted
C:\Windows\System32\tmp9368.tmp deleted
C:\Windows\System32\tmp9434.tmp deleted
C:\Windows\System32\tmpFFD1.tmp deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\John\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\xkxyxzkv.default
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- FireShot - %ProfilePath%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Add to Search Bar - %ProfilePath%\extensions\add-to-searchbox@maltekraus.de.xpi
- Walnut2 pour Firefox em:descriptionWalnut pour Firefox bas sur des icnes de art.gnome.org. Inclut le support de DOM inspector downloadstatusbar QuickNote Offline Googlebar tabsidebar Stylish adblockplus DataManager Flagfox Forecast Weather Hide Caption ViewAbout TabMixPlus AllInOneSidebar StumbleUpon et Favicon Restorer. - %ProfilePath%\extensions\{080955ad-b8bb-4500-806f-d2b9ad73d72e}.xpi
- Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
- Download Manager Tweak - %ProfilePath%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi

ProfilePath: C:\Users\John\AppData\Roaming\Thunderbird\Profiles\qd0q0kvh.default
- English Australian Dictionary - %ProfilePath%\extensions\en-AU@dictionaries.addons.mozilla.org
- Select Inbox - %ProfilePath%\extensions\{6737729A-DEFD-45c8-ADA4-971812369E11}
- ReminderFox - %ProfilePath%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Lightning Calendar Tabs - %ProfilePath%\extensions\lightningcalendartabs@jlx.84.xpi
- Office Black - %ProfilePath%\extensions\Office2007Black@JBBS.xpi
- Signature Switch - %ProfilePath%\extensions\{2ab1b709-ba03-4361-abf9-c50b964ff75d}.xpi
- CompactHeader - %ProfilePath%\extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}.xpi
- Walnut2 for Thunderbird - %ProfilePath%\extensions\{786ed4c5-a408-4066-ad19-9270ba42e4f3}.xpi
- Nautipolis for Thunderbird - %ProfilePath%\extensions\{E2F592C8-CCD4-4951-9F93-6DFA76C4B062}.xpi

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.au/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.au/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=162 folders=23 22339500 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\John\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\John\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\FXSSVCDebugLogFile.txt" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\FXSTIFFDebugLogFile.txt" not deleted

==== EOF on Sun 08/06/2014 at 11:09:02.65 ======================
 


Malnutrition

Still Hungry
iHF Master Craftsman
#12
I take it, now the disabled startup items can be now re-enabled,
You may re-enable any startups you wish. Most are unneeded and waste resources. I personally would only have my antivirus enabled and in your case Acronis.

How is the machine? Has it gained any speed through this process, and are there any more issues that come to mind? If so, then let me know while you have my attention.

If you wish a final tidying of the machine we can use OTL to remove any remaining redundant files from your computer....

Please download OTL to your Desktop.
Right Click it and run as admin.
Please click the Run Scan button.
Allow completion.
Post the logs generated, in your next reply.
 

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#13
Hello again, I have restarted the startups, downloaded and run OTL as admin. The logs are attached. I have not run the fix or cleanup yet as I'm wondering what's going to go? I notice a couple of errors re HP, and am guessing it's because only one of my 3 HP printers is actually switched on. I did have an awful time trying to get one of them to work on the network (the other two work fine with generic Windows network drivers) and after installing gigabytes' worth of rubbish several times, gave up and left it on USB. I don't like HP drivers.

So far as the PC is concerned, it has not failed to connect to the network on bootup since I changed the DHCP and DNS settings recommended by Samurai, and following your own advice. The computer does seem more responsive, and I don't think it's the placebo effect? What has improved is its ability to quickly delete items, which was previously slower than normal. I thought I was facing a reformat.

If you would be kind enough to peruse the logs and advise accordingly what to get rid of, then this thread could be marked as solved. Should the no network connection recur in the future I will open a new thread.

Again thanking you for your ongoing assistance.


OTL logfile created on: 9/06/2014 10:35:27 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.49 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 64.56% Memory free
6.98 Gb Paging File | 5.67 Gb Available in Paging File | 81.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1862.92 Gb Total Space | 1708.78 Gb Free Space | 91.73% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 952.35 Gb Free Space | 51.12% Space Free | Partition Type: NTFS
Drive G: | 7.44 Gb Total Space | 0.66 Gb Free Space | 8.91% Space Free | Partition Type: FAT32
Computer Name: WIN7I7 | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/09 10:34:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2014/06/08 12:41:10 | 000,265,848 | ---- | M] (Moonchild Productions) -- C:\Program Files\Pale Moon\palemoon.exe
PRC - [2014/05/09 14:41:45 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2014/05/09 14:41:45 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2014/02/04 17:32:24 | 007,805,936 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2013/10/10 11:41:26 | 001,102,192 | ---- | M] (Acronis International GmbH) -- C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2013/07/18 11:57:26 | 000,379,672 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2013/07/18 11:50:36 | 000,777,016 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2012/12/01 14:38:02 | 000,865,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/06/12 09:14:00 | 000,055,296 | ---- | M] (Nenad Hrg (SoftwareOK.com)) -- C:\portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe
PRC - [2011/10/31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2011/08/22 19:59:04 | 000,835,584 | ---- | M] (Sphinx Software) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2011/08/22 19:48:04 | 000,417,792 | ---- | M] (Sphinx Software) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2011/05/12 16:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/17 11:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/12/16 09:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2009/09/15 09:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2009/05/15 10:37:00 | 000,206,128 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassche.exe
PRC - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\system\HsMgr.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
========== Modules (No Company Name) ==========
MOD - [2014/06/08 12:41:11 | 003,040,256 | ---- | M] () -- C:\Program Files\Pale Moon\mozjs.dll
MOD - [2014/02/27 08:35:59 | 001,020,928 | ---- | M] () -- C:\Users\John\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\xkxyxzkv.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2014/02/04 17:25:56 | 000,028,992 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Home\thread_pool.dll
MOD - [2014/02/04 17:25:52 | 000,036,672 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\qt_icontray_ex.dll
MOD - [2013/12/04 09:50:34 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2013/10/01 10:00:14 | 000,022,336 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2013/10/01 09:26:52 | 002,627,672 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\tishell.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/10/26 17:41:20 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2011/04/19 14:56:58 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar DS Audio\Customapp\VmixP8.dll
MOD - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\system\HsMgr.exe
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2014/05/09 14:41:45 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/02/25 11:49:59 | 003,873,784 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2014/02/04 15:56:28 | 007,142,320 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2013/07/18 11:50:36 | 000,777,016 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/09/05 16:18:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/10/31 14:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2011/08/22 19:48:04 | 000,417,792 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2009/12/16 09:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/09/15 09:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtTeam60.sys -- (TEAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SlWdmSup.sys -- (SlWdmSup)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Slnthal.sys -- (SlNtHal)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\slnt7554.sys -- (Slnt7554)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Mtlstrm.sys -- (Mtlstrm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Mtlmnt5.sys -- (Mtlmnt5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWCD2.sys -- (HSFHWCD2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2014/05/16 12:57:20 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/05/16 12:57:20 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/05/16 12:57:20 | 000,068,312 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014/05/09 14:41:48 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/05/09 14:41:48 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/05/09 14:41:48 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/05/09 14:41:48 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/05/09 14:41:48 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/02/25 11:50:00 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2014/02/25 11:49:56 | 000,889,888 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2013/10/26 09:02:10 | 000,143,648 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tib_mounter.sys -- (tib_mounter)
DRV - [2013/08/30 10:56:43 | 000,736,192 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tib.sys -- (tib)
DRV - [2013/08/30 10:56:39 | 000,116,000 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2013/08/30 10:56:38 | 000,085,280 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vidsflt.sys -- (vidsflt)
DRV - [2013/08/30 10:56:36 | 000,185,120 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2013/08/30 10:56:35 | 000,086,304 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012/12/04 01:39:40 | 009,373,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/06/18 12:34:38 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/06/18 12:34:38 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011/03/10 15:43:40 | 001,760,256 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/19 12:34:14 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/11/19 12:34:12 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/07/04 11:51:28 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\portable apps\unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/12/30 09:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/13 18:10:36 | 000,096,368 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009/04/21 13:58:06 | 001,147,392 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2007/02/19 17:35:48 | 000,243,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWCD2.sys -- (HSXHWCD2)
DRV - [2007/02/16 10:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/01/30 12:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 B0 A4 79 A5 94 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.6.0\extensions\\Components: C:\Program Files\Pale Moon\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.6.0\extensions\\Plugins: C:\Program Files\Pale Moon\plugins
[2013/02/12 10:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2013/02/12 10:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
O1 HOSTS File: ([2014/06/08 10:54:36 | 000,000,840 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis International GmbH)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Cmaudio8788GX] C:\Windows\system\HsMgr.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [AlwaysMouseWheel] C:\portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe (Nenad Hrg (SoftwareOK.com))
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8492EACB-B276-4CCF-9CDD-BB6F528D3351}: NameServer = 208.67.220.220,208.67.222.222
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/09 10:34:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2014/06/08 12:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Pale Moon
[2014/06/08 11:09:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/08 11:01:56 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/06/08 11:01:56 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Temp
[2014/06/08 10:52:45 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/06/08 10:52:20 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\zoek
[2014/06/08 10:35:23 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\ipv6fix
[2014/06/07 13:55:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/07 13:35:52 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\John\Desktop\JRT.exe
[2014/06/07 12:34:25 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/07 12:34:03 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/07 12:34:03 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/06/07 12:34:03 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/06/07 12:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/06/06 09:31:18 | 000,982,016 | ---- | C] (Farbar) -- C:\Users\John\Desktop\MiniToolBox.exe
[2014/06/04 09:42:48 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\xyplorer_free_noinstall
[2014/05/31 13:44:38 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\roberto delgado
[2014/05/28 14:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2014/05/28 14:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2014/05/28 14:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2014/05/28 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DVDVideoSoft
[2014/05/27 11:47:59 | 000,282,624 | ---- | C] (Big Daddy Design) -- C:\Users\John\Desktop\Windows_7_in_a_Box.exe
[2014/05/15 13:02:47 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\country
[2014/05/13 10:35:22 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/13 10:35:21 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/13 10:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/09/21 11:01:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\John\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2014/06/09 10:35:09 | 000,023,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/09 10:35:09 | 000,023,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/09 10:34:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2014/06/09 10:32:27 | 000,663,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/09 10:32:27 | 000,124,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/09 10:28:08 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2014/06/09 10:27:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/09 10:27:46 | 2811,682,816 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/08 16:27:18 | 000,129,206 | ---- | M] () -- C:\Users\John\Desktop\2014-06-08_162716.jpg
[2014/06/08 12:55:26 | 000,210,436 | ---- | M] () -- C:\Users\John\Desktop\2014-06-08_125523.jpg
[2014/06/08 10:54:36 | 000,000,840 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/06/08 10:52:45 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/06/08 10:48:15 | 000,004,684 | ---- | M] () -- C:\cc_20140608_104810.reg
[2014/06/07 15:57:04 | 000,045,959 | ---- | M] () -- C:\Users\John\Desktop\2014-06-07_155703.jpg
[2014/06/07 15:56:24 | 000,216,884 | ---- | M] () -- C:\Users\John\Desktop\2014-06-07_155622.jpg
[2014/06/07 13:54:48 | 001,333,465 | ---- | M] () -- C:\Users\John\Desktop\adwcleaner_3.212.exe
[2014/06/07 13:35:47 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\John\Desktop\JRT.exe
[2014/06/07 13:35:11 | 000,102,944 | ---- | M] () -- C:\Users\John\Desktop\2014-06-07_133506.jpg
[2014/06/07 12:52:13 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/07 12:34:06 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/06 09:31:21 | 000,982,016 | ---- | M] (Farbar) -- C:\Users\John\Desktop\MiniToolBox.exe
[2014/06/05 16:25:57 | 000,072,079 | ---- | M] () -- C:\Users\John\Desktop\2014-06-05_162555.jpg
[2014/06/05 14:10:01 | 000,118,156 | ---- | M] () -- C:\Users\John\Desktop\2014-06-05_140959.jpg
[2014/06/05 14:02:22 | 000,025,109 | ---- | M] () -- C:\Users\John\Desktop\phew-smiley-emoticon_zpsccf72f9a.gif
[2014/06/05 13:53:13 | 000,064,708 | ---- | M] () -- C:\Users\John\Desktop\bash-head_zpsa8d36584.gif
[2014/06/05 13:47:19 | 000,380,504 | ---- | M] () -- C:\Users\John\Desktop\pic6.jpg
[2014/06/05 13:46:36 | 000,402,668 | ---- | M] () -- C:\Users\John\Desktop\pic7.jpg
[2014/06/04 10:41:44 | 000,326,243 | ---- | M] () -- C:\Users\John\Desktop\pic 5.jpg
[2014/06/04 10:30:55 | 000,386,759 | ---- | M] () -- C:\Users\John\Desktop\pic4.jpg
[2014/06/04 10:20:59 | 000,476,914 | ---- | M] () -- C:\Users\John\Desktop\pic 3.jpg
[2014/06/04 10:11:46 | 000,387,737 | ---- | M] () -- C:\Users\John\Desktop\pic2.jpg
[2014/06/04 10:02:28 | 000,277,475 | ---- | M] () -- C:\Users\John\Desktop\pic1.jpg
[2014/06/03 14:34:07 | 000,197,799 | ---- | M] () -- C:\Users\John\Desktop\2014-06-03_143404.jpg
[2014/06/02 15:50:39 | 000,001,402 | ---- | M] () -- C:\Users\John\Desktop\XYplorer.lnk
[2014/06/02 10:12:25 | 000,021,793 | ---- | M] () -- C:\Users\John\Desktop\2014-06-02_101223.jpg
[2014/06/02 10:11:27 | 000,027,046 | ---- | M] () -- C:\Users\John\Desktop\2014-06-02_101125.jpg
[2014/06/02 10:10:35 | 000,068,243 | ---- | M] () -- C:\Users\John\Desktop\2014-06-02_101033.jpg
[2014/05/31 16:12:39 | 000,000,245 | ---- | M] () -- C:\Users\John\Desktop\iHelpForum.URL
[2014/05/29 13:59:53 | 001,090,410 | ---- | M] () -- C:\Users\John\Desktop\p1010241.jpg
[2014/05/28 14:36:01 | 000,002,176 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2014/05/27 11:47:54 | 000,282,624 | ---- | M] (Big Daddy Design) -- C:\Users\John\Desktop\Windows_7_in_a_Box.exe
[2014/05/25 15:59:11 | 000,022,987 | ---- | M] () -- C:\Users\John\Desktop\humor.gif
[2014/05/25 15:54:45 | 000,015,509 | ---- | M] () -- C:\Users\John\Desktop\2014-05-25_155445.jpg
[2014/05/25 15:37:46 | 000,059,489 | ---- | M] () -- C:\Users\John\Desktop\2014-05-25_153743.jpg
[2014/05/24 15:55:30 | 011,026,133 | ---- | M] () -- C:\Users\John\Desktop\The VW Boys Big Earl.mp4
[2014/05/21 15:23:53 | 000,012,220 | ---- | M] () -- C:\Users\John\Desktop\downloadwww.gif
[2014/05/20 14:58:21 | 000,017,416 | ---- | M] () -- C:\Users\John\Desktop\0021.gif
[2014/05/20 14:56:04 | 000,483,543 | ---- | M] () -- C:\Users\John\Desktop\tumblr_lt5u3zuWGC1qcf2rso1_500.gif
[2014/05/20 14:53:22 | 000,014,560 | ---- | M] () -- C:\Users\John\Desktop\x_correcamins8o.gif
[2014/05/20 14:50:50 | 000,618,923 | ---- | M] () -- C:\Users\John\Desktop\4QqmN3m.gif
[2014/05/20 14:47:31 | 001,040,034 | ---- | M] () -- C:\Users\John\Desktop\roadrunner.gif
[2014/05/19 11:07:53 | 000,001,803 | ---- | M] () -- C:\Users\John\Desktop\PartitionWizard.lnk
[2014/05/18 12:55:47 | 000,110,665 | ---- | M] () -- C:\Users\John\Desktop\2014-05-18_125546.jpg
[2014/05/18 12:52:53 | 000,071,620 | ---- | M] () -- C:\Users\John\Desktop\funny-cars-ads.jpg
[2014/05/18 12:36:23 | 000,008,626 | ---- | M] () -- C:\Users\John\Desktop\stupid-car-sticker.jpg
[2014/05/18 11:54:19 | 000,158,508 | ---- | M] () -- C:\Users\John\Desktop\oQtI613.gif
[2014/05/17 15:54:31 | 000,001,306 | ---- | M] () -- C:\Users\John\Desktop\FreeFileSync.lnk
[2014/05/16 13:33:29 | 000,102,556 | ---- | M] () -- C:\Users\John\Desktop\2014-05-16_133328.jpg
[2014/05/16 13:25:32 | 000,072,660 | ---- | M] () -- C:\Users\John\Desktop\2014-05-16_132531.jpg
[2014/05/16 13:24:10 | 000,121,791 | ---- | M] () -- C:\Users\John\Desktop\2014-05-16_132409.jpg
[2014/05/16 13:22:50 | 000,150,415 | ---- | M] () -- C:\Users\John\Desktop\2014-05-16_132250.jpg
[2014/05/16 13:20:13 | 000,055,211 | ---- | M] () -- C:\Users\John\Desktop\2014-05-16_132012.jpg
[2014/05/16 13:17:01 | 000,132,603 | ---- | M] () -- C:\Users\John\Desktop\2014-05-16_131659.jpg
[2014/05/16 13:14:56 | 000,045,123 | ---- | M] () -- C:\Users\John\Desktop\2014-05-16_131450.jpg
[2014/05/16 12:57:20 | 000,777,488 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/05/16 12:57:20 | 000,411,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/05/16 12:57:20 | 000,068,312 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys
[2014/05/14 13:28:22 | 000,012,194 | ---- | M] () -- C:\cc_20140514_132816.reg
[2014/05/13 15:52:48 | 000,062,086 | ---- | M] () -- C:\Users\John\Desktop\2014-05-13_155246.jpg
[2014/05/13 15:44:31 | 000,008,172 | ---- | M] () -- C:\Users\John\Desktop\2014-05-13_154430.jpg
[2014/05/13 15:21:03 | 000,011,349 | ---- | M] () -- C:\Users\John\Desktop\2014-05-13_152102.jpg
[2014/05/13 15:20:38 | 000,008,349 | ---- | M] () -- C:\Users\John\Desktop\2014-05-13_152037.jpg
[2014/05/13 10:35:22 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/13 10:35:21 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/12 15:10:15 | 000,105,076 | ---- | M] () -- C:\Users\John\Desktop\2014-05-12_151014.jpg
[2014/05/12 15:09:44 | 000,083,760 | ---- | M] () -- C:\Users\John\Desktop\2014-05-12_150944.jpg
[2014/05/12 15:09:25 | 000,100,132 | ---- | M] () -- C:\Users\John\Desktop\2014-05-12_150924.jpg
[2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/05/12 07:25:58 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2014/06/08 16:27:18 | 000,129,206 | ---- | C] () -- C:\Users\John\Desktop\2014-06-08_162716.jpg
[2014/06/08 12:55:26 | 000,210,436 | ---- | C] () -- C:\Users\John\Desktop\2014-06-08_125523.jpg
[2014/06/08 11:01:56 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/06/08 10:48:14 | 000,004,684 | ---- | C] () -- C:\cc_20140608_104810.reg
[2014/06/07 15:57:04 | 000,045,959 | ---- | C] () -- C:\Users\John\Desktop\2014-06-07_155703.jpg
[2014/06/07 15:56:24 | 000,216,884 | ---- | C] () -- C:\Users\John\Desktop\2014-06-07_155622.jpg
[2014/06/07 13:54:48 | 001,333,465 | ---- | C] () -- C:\Users\John\Desktop\adwcleaner_3.212.exe
[2014/06/07 13:35:11 | 000,102,944 | ---- | C] () -- C:\Users\John\Desktop\2014-06-07_133506.jpg
[2014/06/07 12:34:06 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/05 16:25:57 | 000,072,079 | ---- | C] () -- C:\Users\John\Desktop\2014-06-05_162555.jpg
[2014/06/05 14:10:01 | 000,118,156 | ---- | C] () -- C:\Users\John\Desktop\2014-06-05_140959.jpg
[2014/06/05 14:02:22 | 000,025,109 | ---- | C] () -- C:\Users\John\Desktop\phew-smiley-emoticon_zpsccf72f9a.gif
[2014/06/05 13:53:12 | 000,064,708 | ---- | C] () -- C:\Users\John\Desktop\bash-head_zpsa8d36584.gif
[2014/06/05 13:47:19 | 000,380,504 | ---- | C] () -- C:\Users\John\Desktop\pic6.jpg
[2014/06/05 13:46:36 | 000,402,668 | ---- | C] () -- C:\Users\John\Desktop\pic7.jpg
[2014/06/04 10:41:44 | 000,326,243 | ---- | C] () -- C:\Users\John\Desktop\pic 5.jpg
[2014/06/04 10:30:55 | 000,386,759 | ---- | C] () -- C:\Users\John\Desktop\pic4.jpg
[2014/06/04 10:20:59 | 000,476,914 | ---- | C] () -- C:\Users\John\Desktop\pic 3.jpg
[2014/06/04 10:11:46 | 000,387,737 | ---- | C] () -- C:\Users\John\Desktop\pic2.jpg
[2014/06/04 09:46:06 | 000,277,475 | ---- | C] () -- C:\Users\John\Desktop\pic1.jpg
[2014/06/03 14:34:07 | 000,197,799 | ---- | C] () -- C:\Users\John\Desktop\2014-06-03_143404.jpg
[2014/06/02 10:12:25 | 000,021,793 | ---- | C] () -- C:\Users\John\Desktop\2014-06-02_101223.jpg
[2014/06/02 10:11:27 | 000,027,046 | ---- | C] () -- C:\Users\John\Desktop\2014-06-02_101125.jpg
[2014/06/02 10:10:35 | 000,068,243 | ---- | C] () -- C:\Users\John\Desktop\2014-06-02_101033.jpg
[2014/05/31 16:12:39 | 000,000,245 | ---- | C] () -- C:\Users\John\Desktop\iHelpForum.URL
[2014/05/29 13:59:53 | 001,090,410 | ---- | C] () -- C:\Users\John\Desktop\p1010241.jpg
[2014/05/28 14:36:01 | 000,002,176 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk
[2014/05/25 15:59:10 | 000,022,987 | ---- | C] () -- C:\Users\John\Desktop\humor.gif
[2014/05/25 15:54:45 | 000,015,509 | ---- | C] () -- C:\Users\John\Desktop\2014-05-25_155445.jpg
[2014/05/25 15:37:46 | 000,059,489 | ---- | C] () -- C:\Users\John\Desktop\2014-05-25_153743.jpg
[2014/05/24 15:55:24 | 011,026,133 | ---- | C] () -- C:\Users\John\Desktop\The VW Boys Big Earl.mp4
[2014/05/21 15:23:53 | 000,012,220 | ---- | C] () -- C:\Users\John\Desktop\downloadwww.gif
[2014/05/20 14:58:21 | 000,017,416 | ---- | C] () -- C:\Users\John\Desktop\0021.gif
[2014/05/20 14:56:04 | 000,483,543 | ---- | C] () -- C:\Users\John\Desktop\tumblr_lt5u3zuWGC1qcf2rso1_500.gif
[2014/05/20 14:53:22 | 000,014,560 | ---- | C] () -- C:\Users\John\Desktop\x_correcamins8o.gif
[2014/05/20 14:50:50 | 000,618,923 | ---- | C] () -- C:\Users\John\Desktop\4QqmN3m.gif
[2014/05/20 14:47:30 | 001,040,034 | ---- | C] () -- C:\Users\John\Desktop\roadrunner.gif
[2014/05/19 11:07:53 | 000,001,803 | ---- | C] () -- C:\Users\John\Desktop\PartitionWizard.lnk
[2014/05/18 12:55:47 | 000,110,665 | ---- | C] () -- C:\Users\John\Desktop\2014-05-18_125546.jpg
[2014/05/18 12:52:53 | 000,071,620 | ---- | C] () -- C:\Users\John\Desktop\funny-cars-ads.jpg
[2014/05/18 12:36:23 | 000,008,626 | ---- | C] () -- C:\Users\John\Desktop\stupid-car-sticker.jpg
[2014/05/18 11:54:19 | 000,158,508 | ---- | C] () -- C:\Users\John\Desktop\oQtI613.gif
[2014/05/17 15:54:31 | 000,001,306 | ---- | C] () -- C:\Users\John\Desktop\FreeFileSync.lnk
[2014/05/16 13:33:29 | 000,102,556 | ---- | C] () -- C:\Users\John\Desktop\2014-05-16_133328.jpg
[2014/05/16 13:25:32 | 000,072,660 | ---- | C] () -- C:\Users\John\Desktop\2014-05-16_132531.jpg
[2014/05/16 13:24:10 | 000,121,791 | ---- | C] () -- C:\Users\John\Desktop\2014-05-16_132409.jpg
[2014/05/16 13:22:50 | 000,150,415 | ---- | C] () -- C:\Users\John\Desktop\2014-05-16_132250.jpg
[2014/05/16 13:20:13 | 000,055,211 | ---- | C] () -- C:\Users\John\Desktop\2014-05-16_132012.jpg
[2014/05/16 13:17:01 | 000,132,603 | ---- | C] () -- C:\Users\John\Desktop\2014-05-16_131659.jpg
[2014/05/16 13:14:56 | 000,045,123 | ---- | C] () -- C:\Users\John\Desktop\2014-05-16_131450.jpg
[2014/05/14 13:28:19 | 000,012,194 | ---- | C] () -- C:\cc_20140514_132816.reg
[2014/05/13 15:52:48 | 000,062,086 | ---- | C] () -- C:\Users\John\Desktop\2014-05-13_155246.jpg
[2014/05/13 15:44:31 | 000,008,172 | ---- | C] () -- C:\Users\John\Desktop\2014-05-13_154430.jpg
[2014/05/13 15:21:03 | 000,011,349 | ---- | C] () -- C:\Users\John\Desktop\2014-05-13_152102.jpg
[2014/05/13 15:20:38 | 000,008,349 | ---- | C] () -- C:\Users\John\Desktop\2014-05-13_152037.jpg
[2014/05/12 15:10:15 | 000,105,076 | ---- | C] () -- C:\Users\John\Desktop\2014-05-12_151014.jpg
[2014/05/12 15:09:44 | 000,083,760 | ---- | C] () -- C:\Users\John\Desktop\2014-05-12_150944.jpg
[2014/05/12 15:09:25 | 000,100,132 | ---- | C] () -- C:\Users\John\Desktop\2014-05-12_150924.jpg
[2014/05/09 14:41:50 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/03/06 12:06:05 | 000,000,107 | ---- | C] () -- C:\Users\John\AppData\Roaming\CamData.ini
[2014/03/06 11:59:10 | 000,000,096 | ---- | C] () -- C:\Users\John\AppData\Roaming\version2.xml
[2014/03/06 11:57:58 | 002,274,213 | ---- | C] () -- C:\Users\John\AppData\Roaming\CamShapes.ini
[2014/03/06 11:57:58 | 000,135,089 | ---- | C] () -- C:\Users\John\AppData\Roaming\CamLayout.ini
[2014/03/06 11:57:58 | 000,004,524 | ---- | C] () -- C:\Users\John\AppData\Roaming\CamStudio.cfg
[2014/01/09 15:24:37 | 000,000,600 | ---- | C] () -- C:\Users\John\AppData\Local\PUTTY.RND
[2013/12/09 11:53:26 | 000,001,231 | ---- | C] () -- C:\Users\John\AppData\Local\recently-used.xbel
[2013/05/26 13:06:43 | 000,000,098 | ---- | C] () -- C:\Users\John\AppData\Roaming\CamStudio.Producer.command
[2013/04/03 18:32:05 | 002,872,512 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2013/04/03 18:32:04 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2013/04/03 18:31:57 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2013/03/28 11:50:05 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/28 11:50:04 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/10/04 16:10:03 | 000,000,048 | ---- | C] () -- C:\Windows\System32\cmasiop.ini
[2012/10/04 16:10:02 | 000,042,258 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012/10/04 16:09:27 | 000,000,923 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012/10/04 16:09:22 | 000,004,969 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012/10/04 16:09:21 | 000,000,516 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2012/10/04 15:29:20 | 000,561,152 | ---- | C] () -- C:\Windows\System32\Cmeauoxy.exe
[2012/10/04 15:28:42 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2012/09/28 12:05:29 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012/09/28 12:05:29 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2012/09/21 12:58:25 | 000,015,046 | ---- | C] () -- C:\Windows\UN060501.INI
[2012/08/18 11:00:47 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/03/09 12:14:42 | 000,000,022 | -HS- | C] () -- C:\Users\John\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/09/21 11:01:35 | 000,081,920 | ---- | C] () -- C:\Users\John\AppData\Roaming\ezpinst.exe
[2011/09/21 11:01:35 | 000,007,176 | ---- | C] () -- C:\Users\John\AppData\Roaming\pcouffin.cat
[2011/09/21 11:01:35 | 000,001,144 | ---- | C] () -- C:\Users\John\AppData\Roaming\pcouffin.inf
[2010/09/11 13:16:21 | 000,000,022 | -HS- | C] () -- C:\Users\John\AppData\Roaming\Sys6925.Config Collection.sys
[2010/03/12 14:46:34 | 000,012,800 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/25 19:39:50 | 000,007,599 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
========== ZeroAccess Check ==========
[2012/07/14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\John\AppData\Roaming\Thunderbird\Profiles\qd0q0kvh.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 22:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 8 bytes -> C:\Windows:
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:3440EB47
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A29E7570
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences

< End of report >
 

Malnutrition

Still Hungry
iHF Master Craftsman
#14
I am really not sure about printers; I do not own one, never have...


Right-click OTL and Run as administrator.
Copy the content of the code box below.
Paste it into the OTL window.
Hit the Run Fix button.
The log is located here: C:\_OTL\MovedFiles
Post the log in your next reply.


Code:
:commands
[createrestorepoint]


:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
@Alternate Data Stream - 8 bytes -> C:\Windows:
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:3440EB47
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A29E7570
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences



:files
ipconfig /flushdns /c
netsh winsock reset  /c


:commands
[emptytemp]
[emptyflash]
[emptyjava]
[resethosts]
[purity]
[reboot]

Once done, if you are satisfied, then do the following.

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt
 

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#15
Hi again, ran OTL as admin, copied script into OTL, hit "run fix". Explorer obviously closed, followed by error box "Cannot create file C:\users\John\desktop\cmd.bat." Yes, it had a full stop after bat. PC stalled, no HD activity, left it for a while and killed OTL and restarted. A blank folder was created at C:\otl\moved files.

Could you please advise action from here?

Thanks again
 

Malnutrition

Still Hungry
iHF Master Craftsman
#16
Those were just some redundant files. You can attempt to run it again; if it fails we will use FRST to remove the files....

Please download and save FRST 64bit or FRST 32 bit to your Desktop.


CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.


  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#17
Thanks for that, here's the logs

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by John (administrator) on WIN7I7 on 09-06-2014 13:28:42
Running from C:\Users\John\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Nalpeiron Ltd.) C:\Windows\System32\ASTSRV.EXE
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Windows\System32\PSIService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Windows\system\HsMgr.exe
(CMedia) C:\Program Files\ASUS Xonar DS Audio\Customapp\AsusAudioCenter.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(Nenad Hrg (SoftwareOK.com)) C:\portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3873704 2014-05-09] (AVAST Software)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [379672 2013-07-18] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM\...\Run: [Cmaudio8788] => RunDll32 cmicnfgp.cpl,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\system\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Windows7FirewallControl] => C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [835584 2011-08-22] (Sphinx Software)
HKU\S-1-5-21-2368525537-1876345335-41732501-1000\...\Run: [AlwaysMouseWheel] => C:\portable apps\AlwaysMouseWheel\AlwaysMouseWheel.exe [55296 2012-06-12] (Nenad Hrg (SoftwareOK.com))
HKU\S-1-5-21-2368525537-1876345335-41732501-1000\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28B0A479A594CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Tcpip\..\Interfaces\{8492EACB-B276-4CCF-9CDD-BB6F528D3351}: [NameServer]208.67.220.220,208.67.222.222

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [777016 2013-07-18] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3873784 2014-02-25] (Acronis)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-05-09] (AVAST Software)
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251760 2011-10-31] (BUFFALO INC.)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7142320 2014-02-04] (Acronis)
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [417792 2011-08-22] (Sphinx Software)
S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-09] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1760256 2011-03-10] (C-Media Inc)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-18] (Elaborate Bytes AG)
R3 HSXHWCD2; C:\Windows\System32\DRIVERS\HSXHWCD2.sys [243712 2007-02-19] (Conexant Systems, Inc.)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [96368 2009-08-13] (JMicron Technology Corp.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
S3 P17; C:\Windows\System32\drivers\P17.sys [1147392 2009-04-21] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2012-06-18] ()
S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [889888 2014-02-25] (Acronis International GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2013-08-30] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [143648 2013-10-26] (Acronis International GmbH)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2013-08-30] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2013-08-30] (Acronis International GmbH)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 HSFHWCD2; system32\DRIVERS\HSFHWCD2.sys [X]
S3 HSF_DP; system32\DRIVERS\HSF_DP.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 Mtlmnt5; system32\DRIVERS\Mtlmnt5.sys [X]
S3 Mtlstrm; system32\DRIVERS\Mtlstrm.sys [X]
S3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [X]
S0 RecAgent; system32\DRIVERS\RecAgent.sys [X]
S3 Slnt7554; system32\DRIVERS\slnt7554.sys [X]
S3 SlNtHal; system32\DRIVERS\Slnthal.sys [X]
S3 SlWdmSup; system32\DRIVERS\SlWdmSup.sys [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
U5 UnlockerDriver5; C:\portable apps\unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-09 13:28 - 2014-06-09 13:28 - 00011423 _____ () C:\Users\John\Desktop\FRST.txt
2014-06-09 13:28 - 2014-06-09 13:28 - 00000000 ____D () C:\FRST
2014-06-09 13:27 - 2014-06-09 13:28 - 01063424 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-06-09 12:52 - 2014-06-09 12:52 - 00000000 ____D () C:\_OTL
2014-06-09 10:42 - 2014-06-09 10:42 - 00085886 _____ () C:\Users\John\Desktop\OTL.Txt
2014-06-09 10:42 - 2014-06-09 10:42 - 00066330 _____ () C:\Users\John\Desktop\Extras.Txt
2014-06-09 10:34 - 2014-06-09 10:34 - 00602112 _____ (OldTimer Tools) C:\Users\John\Desktop\OTL.exe
2014-06-08 12:41 - 2014-06-08 12:41 - 00000000 ____D () C:\Program Files\Pale Moon
2014-06-08 11:20 - 2014-06-08 11:09 - 00009513 _____ () C:\Users\John\Desktop\zoek-results.txt
2014-06-08 11:08 - 2014-06-08 11:08 - 00000322 _____ () C:\Windows\PFRO.log
2014-06-08 11:07 - 2014-06-09 13:06 - 00000280 _____ () C:\Windows\setupact.log
2014-06-08 11:07 - 2014-06-08 11:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-08 11:01 - 2014-06-09 13:28 - 00000000 ____D () C:\Users\John\AppData\Local\Temp
2014-06-08 11:01 - 2014-06-08 11:01 - 00000000 ____D () C:\Users\Default\AppData\Local\Temp
2014-06-08 11:01 - 2014-06-08 11:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\Temp
2014-06-08 11:01 - 2014-06-08 10:52 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-08 10:54 - 2014-06-08 11:09 - 00009513 _____ () C:\zoek-results.log
2014-06-08 10:52 - 2014-06-08 11:01 - 00000000 ____D () C:\zoek_backup
2014-06-08 10:52 - 2014-06-08 10:52 - 00000000 ____D () C:\Users\John\Desktop\zoek
2014-06-08 10:48 - 2014-06-08 10:48 - 00004684 _____ () C:\cc_20140608_104810.reg
2014-06-08 10:35 - 2014-06-08 10:35 - 00000000 ____D () C:\Users\John\Desktop\ipv6fix
2014-06-07 14:13 - 2014-06-07 14:13 - 00001096 _____ () C:\Users\John\Desktop\AdwCleaner[S0].txt
2014-06-07 13:55 - 2014-06-07 14:12 - 00000000 ____D () C:\AdwCleaner
2014-06-07 13:54 - 2014-06-07 13:54 - 01333465 _____ () C:\Users\John\Desktop\adwcleaner_3.212.exe
2014-06-07 13:42 - 2014-06-07 13:42 - 00000743 _____ () C:\Users\John\Desktop\JRT.txt
2014-06-07 13:35 - 2014-06-07 13:35 - 01016261 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2014-06-07 12:34 - 2014-06-07 12:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 12:34 - 2014-06-07 12:34 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-07 12:34 - 2014-06-07 12:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-07 12:34 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-07 12:34 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-07 12:34 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-06 09:31 - 2014-06-06 09:31 - 00982016 _____ (Farbar) C:\Users\John\Desktop\MiniToolBox.exe
2014-06-04 09:42 - 2014-06-04 09:44 - 00000000 ____D () C:\Users\John\Desktop\xyplorer_free_noinstall
2014-05-31 16:12 - 2014-05-31 16:12 - 00000245 _____ () C:\Users\John\Desktop\iHelpForum.URL
2014-05-31 13:44 - 2014-05-31 13:45 - 00000000 ____D () C:\Users\John\Desktop\roberto delgado
2014-05-28 14:36 - 2014-05-28 14:36 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-05-28 14:36 - 2014-05-28 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-28 14:35 - 2014-06-08 11:01 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-28 14:35 - 2014-05-28 14:36 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-05-28 14:34 - 2014-05-28 14:36 - 00000000 ____D () C:\Users\John\AppData\Roaming\DVDVideoSoft
2014-05-27 11:47 - 2014-05-27 11:47 - 00282624 _____ (Big Daddy Design) C:\Users\John\Desktop\Windows_7_in_a_Box.exe
2014-05-24 15:55 - 2014-05-24 15:55 - 11026133 _____ () C:\Users\John\Desktop\The VW Boys Big Earl.mp4
2014-05-19 11:07 - 2014-05-19 11:07 - 00001803 _____ () C:\Users\John\Desktop\PartitionWizard.lnk
2014-05-17 15:54 - 2014-05-17 15:54 - 00001306 _____ () C:\Users\John\Desktop\FreeFileSync.lnk
2014-05-15 13:02 - 2014-06-05 16:21 - 00000000 ____D () C:\Users\John\Desktop\country
2014-05-14 13:28 - 2014-05-14 13:28 - 00012194 _____ () C:\cc_20140514_132816.reg
2014-05-13 10:35 - 2014-05-13 10:35 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 10:35 - 2014-05-13 10:35 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 10:19 - 2014-05-13 10:19 - 00000000 ____D () C:\ProgramData\McAfee

==================== One Month Modified Files and Folders =======

2014-06-09 13:28 - 2014-06-09 13:28 - 00011423 _____ () C:\Users\John\Desktop\FRST.txt
2014-06-09 13:28 - 2014-06-09 13:28 - 00000000 ____D () C:\FRST
2014-06-09 13:28 - 2014-06-09 13:27 - 01063424 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-06-09 13:28 - 2014-06-08 11:01 - 00000000 ____D () C:\Users\John\AppData\Local\Temp
2014-06-09 13:13 - 2009-07-14 14:34 - 00023584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 13:13 - 2009-07-14 14:34 - 00023584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 13:10 - 2010-01-13 15:17 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 13:09 - 2010-01-13 15:16 - 01344831 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 13:06 - 2014-06-08 11:07 - 00000280 _____ () C:\Windows\setupact.log
2014-06-09 13:06 - 2012-03-13 12:49 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-09 13:06 - 2009-07-14 14:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 12:52 - 2014-06-09 12:52 - 00000000 ____D () C:\_OTL
2014-06-09 11:55 - 2014-01-14 13:02 - 00000000 ____D () C:\Users\John\Desktop\forum pics
2014-06-09 10:42 - 2014-06-09 10:42 - 00085886 _____ () C:\Users\John\Desktop\OTL.Txt
2014-06-09 10:42 - 2014-06-09 10:42 - 00066330 _____ () C:\Users\John\Desktop\Extras.Txt
2014-06-09 10:34 - 2014-06-09 10:34 - 00602112 _____ (OldTimer Tools) C:\Users\John\Desktop\OTL.exe
2014-06-09 10:28 - 2010-01-17 12:43 - 00000000 ____D () C:\Users\John\AppData\Roaming\MailWasherPro
2014-06-08 12:41 - 2014-06-08 12:41 - 00000000 ____D () C:\Program Files\Pale Moon
2014-06-08 11:33 - 2012-09-27 11:02 - 00000000 ____D () C:\Windows\pss
2014-06-08 11:09 - 2014-06-08 11:20 - 00009513 _____ () C:\Users\John\Desktop\zoek-results.txt
2014-06-08 11:09 - 2014-06-08 10:54 - 00009513 _____ () C:\zoek-results.log
2014-06-08 11:08 - 2014-06-08 11:08 - 00000322 _____ () C:\Windows\PFRO.log
2014-06-08 11:07 - 2014-06-08 11:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-08 11:01 - 2014-06-08 11:01 - 00000000 ____D () C:\Users\Default\AppData\Local\Temp
2014-06-08 11:01 - 2014-06-08 11:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\Temp
2014-06-08 11:01 - 2014-06-08 10:52 - 00000000 ____D () C:\zoek_backup
2014-06-08 11:01 - 2014-05-28 14:35 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-08 10:52 - 2014-06-08 11:01 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-08 10:52 - 2014-06-08 10:52 - 00000000 ____D () C:\Users\John\Desktop\zoek
2014-06-08 10:48 - 2014-06-08 10:48 - 00004684 _____ () C:\cc_20140608_104810.reg
2014-06-08 10:47 - 2012-06-11 16:19 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent
2014-06-08 10:35 - 2014-06-08 10:35 - 00000000 ____D () C:\Users\John\Desktop\ipv6fix
2014-06-07 14:13 - 2014-06-07 14:13 - 00001096 _____ () C:\Users\John\Desktop\AdwCleaner[S0].txt
2014-06-07 14:12 - 2014-06-07 13:55 - 00000000 ____D () C:\AdwCleaner
2014-06-07 13:54 - 2014-06-07 13:54 - 01333465 _____ () C:\Users\John\Desktop\adwcleaner_3.212.exe
2014-06-07 13:42 - 2014-06-07 13:42 - 00000743 _____ () C:\Users\John\Desktop\JRT.txt
2014-06-07 13:35 - 2014-06-07 13:35 - 01016261 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2014-06-07 12:52 - 2014-06-07 12:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 12:34 - 2014-06-07 12:34 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-07 12:34 - 2014-06-07 12:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-07 12:34 - 2010-03-12 13:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-06 16:58 - 2010-01-14 12:49 - 00000000 ____D () C:\Temp
2014-06-06 09:31 - 2014-06-06 09:31 - 00982016 _____ (Farbar) C:\Users\John\Desktop\MiniToolBox.exe
2014-06-05 16:21 - 2014-05-15 13:02 - 00000000 ____D () C:\Users\John\Desktop\country
2014-06-05 16:21 - 2014-04-03 13:19 - 00000000 ____D () C:\Users\John\Desktop\oldies
2014-06-05 16:20 - 2010-02-09 08:35 - 00000000 ____D () C:\My Shared Folder
2014-06-05 12:20 - 2014-02-16 10:52 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-04 12:44 - 2012-09-09 16:01 - 00000000 ____D () C:\Users\John\Desktop\images
2014-06-04 12:44 - 2010-01-16 15:08 - 00000000 ____D () C:\Program Files\GetSmile
2014-06-04 09:44 - 2014-06-04 09:42 - 00000000 ____D () C:\Users\John\Desktop\xyplorer_free_noinstall
2014-06-02 15:50 - 2014-02-06 14:31 - 00001402 _____ () C:\Users\John\Desktop\XYplorer.lnk
2014-05-31 16:12 - 2014-05-31 16:12 - 00000245 _____ () C:\Users\John\Desktop\iHelpForum.URL
2014-05-31 13:45 - 2014-05-31 13:44 - 00000000 ____D () C:\Users\John\Desktop\roberto delgado
2014-05-28 14:36 - 2014-05-28 14:36 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-05-28 14:36 - 2014-05-28 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-28 14:36 - 2014-05-28 14:35 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-05-28 14:36 - 2014-05-28 14:34 - 00000000 ____D () C:\Users\John\AppData\Roaming\DVDVideoSoft
2014-05-27 12:02 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\registration
2014-05-27 11:47 - 2014-05-27 11:47 - 00282624 _____ (Big Daddy Design) C:\Users\John\Desktop\Windows_7_in_a_Box.exe
2014-05-26 09:44 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-25 15:11 - 2014-05-05 15:58 - 00000000 ____D () C:\Users\John\Desktop\Irish
2014-05-25 12:34 - 2012-12-19 14:06 - 00000000 ____D () C:\Users\John\AppData\Roaming\VideoReDo-TVSuite4
2014-05-25 12:34 - 2010-01-14 14:14 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-25 11:44 - 2010-01-16 11:48 - 00000000 ____D () C:\mp3
2014-05-24 15:55 - 2014-05-24 15:55 - 11026133 _____ () C:\Users\John\Desktop\The VW Boys Big Earl.mp4
2014-05-23 12:09 - 2012-08-06 14:59 - 00000000 ____D () C:\Users\John\AppData\Roaming\MediaMonkey
2014-05-20 15:50 - 2012-03-08 10:25 - 00000000 ____D () C:\Program Files\Okdo Document Converter Professional
2014-05-19 11:07 - 2014-05-19 11:07 - 00001803 _____ () C:\Users\John\Desktop\PartitionWizard.lnk
2014-05-17 15:54 - 2014-05-17 15:54 - 00001306 _____ () C:\Users\John\Desktop\FreeFileSync.lnk
2014-05-16 12:57 - 2014-01-10 12:27 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-16 12:57 - 2011-03-22 15:07 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-16 12:57 - 2010-03-21 13:01 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-14 13:28 - 2014-05-14 13:28 - 00012194 _____ () C:\cc_20140514_132816.reg
2014-05-13 10:35 - 2014-05-13 10:35 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 10:35 - 2014-05-13 10:35 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 10:19 - 2014-05-13 10:19 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-12 07:26 - 2014-06-07 12:34 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-07 12:34 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-07 12:34 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Users\John\AppData\Roaming\CamData.ini
C:\Users\John\AppData\Roaming\CamLayout.ini
C:\Users\John\AppData\Roaming\CamShapes.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-30 13:20

==================== End Of Log ============================
 


Malnutrition

Still Hungry
iHF Master Craftsman
#18
Download & SAVE to your Desktop one of the following.

RogueKiller 64 Bit

RogueKiller 32 Bit

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and attach the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller+

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 


Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#19
Hi again, I can't see a file called RKreport[2].txt but found these 2 attached, as is the Fixlog.txt.

Thank you

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:06-06-2014
Ran by John at 2014-06-09 14:53:57 Run:1
Running from C:\Users\John\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\John\AppData\Roaming\CamData.ini
C:\Users\John\AppData\Roaming\CamLayout.ini
C:\Users\John\AppData\Roaming\CamShapes.ini
2014-05-13 10:19 - 2014-05-13 10:19 - 00000000 ____D () C:\ProgramData\McAfee
C:\ProgramData\McAfee
AlternateDataStreams: C:\Windows:
AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\Windows:nlsPreferences
cmd: ipconfig /flushdns
cmd: netsh winsock reset
*****************

C:\Users\John\AppData\Roaming\CamData.ini => Moved successfully.
C:\Users\John\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\John\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\ProgramData\McAfee => Moved successfully.
"C:\ProgramData\McAfee" => File/Directory not found.
"C:\Windows" => ":" ADS not found.
"C:\Windows" => ":AstInfo" ADS not found.
"C:\Windows" => ":nlsPreferences" ADS not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


==== End of Fixlog ====
 


Malnutrition

Still Hungry
iHF Master Craftsman
#20
Everything looks good, if you are happy with the result then please do the following.

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click)
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt