Page 1 of 3 123 LastLast
Results 1 to 10 of 30

Thread: Possible Virus Please Help

  1. #1
    Member
    Join Date
    Oct 2009
    Posts
    87

    Default Possible Virus Please Help

    Hello.

    My dad's PC will no update or keep the correct time along with a host of other problems. At first I did not think the issue could be a virus so I set the PC back to factory settings, but nothing has changed as non of the security certificates for websites are correct/ accepted, windows update will still not work and the date and time just will not set.

    Thank you, for your help.

    Below is the DDS.log and the aswMBR log is underneath.

    ___________________________________________________________

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.16575
    Run by Alan at 15:40:01 on 2013-08-12
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2046.1322 [GMT 1:00]
    .
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mRunOnce: [PCDrProfiler] <no file>
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{BC8A0FF6-6E48-45C7-BD7D-7AAB53E677A3} : DHCPNameServer = 192.168.0.1
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-24 149864]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-2-27 464384]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-27 1245064]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2008-2-27 180272]
    .
    =============== Created Last 30 ================
    .
    2013-08-12 14:07:20 -------- d-----w- c:\users\alan\appdata\local\ATI
    2013-08-12 14:07:14 -------- d-----w- c:\users\alan\appdata\roaming\Symantec
    2013-08-12 14:06:48 -------- d-----w- c:\users\alan\appdata\local\VirtualStore
    2013-08-12 13:54:08 -------- d-sh--we C:\Documents and Settings
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 15:40:18.56 ===============

    AND HERE IS THE aswMBR LOG

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-12 16:07:19
    -----------------------------
    16:07:19.095 OS Version: Windows 6.0.6000
    16:07:19.095 Number of processors: 2 586 0x6B02
    16:07:19.095 ComputerName: ALAN-PC UserName: Alan
    16:07:19.657 Initialize success
    16:07:42.854 The log file has been saved successfully to "C:\Users\Alan\Documents\aswMBR.txt"


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-12 16:11:43
    -----------------------------
    16:11:43.622 OS Version: Windows 6.0.6000
    16:11:43.622 Number of processors: 2 586 0x6B02
    16:11:43.637 ComputerName: ALAN-PC UserName: Alan
    16:11:44.339 Initialize success
    16:14:31.158 AVAST engine defs: 14042100
    16:18:04.922 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
    16:18:04.937 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
    16:18:05.093 Disk 0 MBR read successfully
    16:18:05.093 Disk 0 MBR scan
    16:18:05.125 Disk 0 unknown MBR code
    16:18:05.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 332744 MB offset 63
    16:18:05.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10652 MB offset 681461235
    16:18:05.203 Disk 0 scanning sectors +703277505
    16:18:05.359 Disk 0 scanning C:\Windows\system32\drivers
    16:18:16.294 Service scanning
    16:18:43.318 Modules scanning
    16:18:47.861 Disk 0 trace - called modules:
    16:18:47.885 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys USBPORT.SYS usbehci.sys netr73.sys usbhub.sys dxgkrnl.sys atikmdag.sys tcpip.sys NETIO.SYS i8042prt.sys mouclass.sys watchdog.sys
    16:18:47.891 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c22ad8]
    16:18:47.891 3 ntkrnlpa.exe[81cb07ee] -> nt!IofCallDriver -> [0x8486d710]
    16:18:47.891 5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\00000057[0x83a82910]
    16:18:47.892 7 netr73.sys[8bf24f60] -> nt!IofCallDriver -> \Device\USBPDO-2[0x864c7030]
    16:18:47.892 9 usbhub.sys[8b2ffe61] -> nt!IofCallDriver -> \Device\USBPDO-1[0x85587028]
    16:18:49.219 AVAST engine scan C:\Windows
    16:18:51.052 AVAST engine scan C:\Windows\system32
    16:21:58.324 AVAST engine scan C:\Windows\system32\drivers
    16:22:15.188 AVAST engine scan C:\Users\Alan
    16:22:25.936 File: C:\Users\Alan\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe **INFECTED** Win32:Malware-gen
    16:22:39.539 AVAST engine scan C:\ProgramData
    16:23:31.347 Scan finished successfully
    16:24:32.400 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Documents\MBR.dat"
    16:24:32.415 The log file has been saved successfully to "C:\Users\Alan\Documents\aswMBR.txt"
    Attached Files Attached Files

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    How old is your dads computer, if its more than 7 or 8 years or so the battery may need to be replaced


    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • The Dashboard will look like this


    • Once the program has loaded, go to the scan tab on top and select Threat Scan
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Last edited by ken545; 2014-04-21 at 21:55.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Bump to remove double post
    Last edited by ken545; 2014-04-21 at 21:58. Reason: Double post

  4. #4
    Member
    Join Date
    Oct 2009
    Posts
    87

    Default Possible Virus Please Help

    Hi Ken 545,

    Thank you, very much for your support.

    Yes, the battery is easily 7-8 years old; so, I am going to purchase a new one today for him. I have also looked in the manual and on You Tube for replacement instructions and I think that I will be OK with trying it myself.

    Below is the scan report as requested. I noticed that the earlier log that I posted appeared to detail a Java update in the temp folder that seemed to be infected, is that correct please as Malwarebytes appears to have found nothing malicious?

    I shall await your next instructions.

    Thanks again.

    _________________________________


    Scan Date: 12/08/2013
    Scan Time: 21:09:52
    Logfile:
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.04.22.03
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows Vista
    CPU: x86
    File System: NTFS
    User: Alan

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 215992
    Time Elapsed: 8 min, 44 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Is this a laptop or desktop ? If its a desktop you can buy the battery at places like Walmart, its a Lithium 3v 2032, there very inexpensive, but check with your manufacture first. The battery has to be replaced very quickly as it powers the cmos chip that holds all your configuration and if not done quickly enough that info can be lost. We can look into this further when where done.

    Run this cleaner that will clean out all your temp files

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean







    Then run this scan and lets look deeper

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Member
    Join Date
    Oct 2009
    Posts
    87

    Default Possible Virus Please Help

    Hi Ken545,

    I'm sorry about the short delay when getting back to you each time; as I don't live with my parents, I go back to their house to carry out your instructions when I see a new reply from you.

    Please find OTL.txt and Extras.txt below. I bought a new battery yesterday, but I have not fitted it yet.

    Thanks for your support.

    ________________________________________

    OTL.txt

    OTL logfile created on: 22/04/2014 17:36:08 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16575)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.94% Memory free
    4.21 Gb Paging File | 3.18 Gb Available in Paging File | 75.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 324.95 Gb Total Space | 307.02 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
    Drive D: | 10.40 Gb Total Space | 1.43 Gb Free Space | 13.70% Space Free | Partition Type: NTFS

    Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Alan\Desktop\OTL.exe (OldTimer Tools)
    PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\7b84bef09adbf786f9192b2d4bb994e0\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8e57048e9d3b3321c4ff3c66880067b9\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9071776a98334df487823379e930be74\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\849d3457b222542b7a70d93fa77e79e2\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fa956ff1d8e1100005c9aab0a9a22410\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a75c5fe513acaff9954c7a83684f56f5\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b751482f4ae6ced79fe5d27b5c8ecb12\mscorlib.ni.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2955.38824__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2955.38783__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2955.38836__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2955.38998__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2955.38965__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2955.38815__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2955.38924__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2955.38802__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2955.39027__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2955.38973__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2955.39033__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2955.38978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2955.38796__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2955.39051__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2955.38972__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2955.39025__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2955.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2955.38848__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2955.38926__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2955.38803__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2955.38991__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2955.38919__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2955.38843__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2955.38947__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2955.38931__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2955.38925__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2955.38853__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2955.38931__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2955.38946__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2955.38958__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2886.28852__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2886.28859__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2955.38790__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2955.38810__90ba9c70f846762e\CLI.Component.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2955.39018__90ba9c70f846762e\MOM.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2955.38775__90ba9c70f846762e\CLI.Component.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2955.39017__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2955.39044__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2955.38773__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2955.38775__90ba9c70f846762e\ATIDEMOS.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2955.38775__90ba9c70f846762e\APM.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2955.38774__90ba9c70f846762e\AEM.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2955.39018__90ba9c70f846762e\CCC.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
    MOD - C:\WINDOWS\System32\atitmmxx.dll ()


    ========== Services (SafeList) ==========

    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
    DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (nvrd32) -- C:\WINDOWS\System32\drivers\nvrd32.sys (NVIDIA Corporation)
    DRV - (nvstor32) -- C:\WINDOWS\System32\drivers\nvstor32.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
    DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
    DRV - (netr73) -- C:\WINDOWS\System32\drivers\netr73.sys (Ralink Technology, Corp.)
    DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    IE - HKLM\..\SearchScopes,DefaultScope = {24ED1F25-AEA4-4A4A-B914-32F266843651}
    IE - HKLM\..\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
    IE - HKLM\..\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes,DefaultScope = {851A8443-B5A8-47F0-9639-C15E516C4C7B}
    IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
    IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
    IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes\{851A8443-B5A8-47F0-9639-C15E516C4C7B}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




    O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..Trusted Domains: live.com ([login] https in Trusted sites)
    O15 - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC8A0FF6-6E48-45C7-BD7D-7AAB53E677A3}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\awave.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/27 23:33:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/22 16:58:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe

    ========== Files - Modified Within 30 Days ==========

    [2014/04/22 17:36:47 | 000,622,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/04/22 17:36:47 | 000,108,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/04/22 17:31:19 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/22 17:31:19 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/22 17:31:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/04/22 17:31:09 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/22 16:58:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
    [2014/04/03 09:51:10 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/04/03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2013/08/12 15:17:25 | 000,000,680 | ---- | C] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2008/02/27 22:37:29 | 011,315,200 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2006/11/02 10:46:04 | 000,614,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========


    ========== Purity Check ==========

    < End of report >
    ________________________________________


    Extras.txt

    OTL Extras logfile created on: 22/04/2014 17:36:08 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16575)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.94% Memory free
    4.21 Gb Paging File | 3.18 Gb Available in Paging File | 75.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 324.95 Gb Total Space | 307.02 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
    Drive D: | 10.40 Gb Total Space | 1.43 Gb Free Space | 13.70% Space Free | Partition Type: NTFS

    Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B8BEAD96-3A3B-4455-A075-08633A8C7875}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01EF7E36-5E23-96E5-C195-CB45880AB805}" = CCC Help Czech
    "{0238C5F4-A485-DE76-530F-F467AFACD7AC}" = Catalyst Control Center Localization Chinese Traditional
    "{039DB2DA-151D-8AF8-1BC8-B7E7157180A0}" = CCC Help French
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0D705D16-064C-BAA6-C4E1-067F9DC2A477}" = Catalyst Control Center Localization Hungarian
    "{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
    "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
    "{11C97ACD-BD9C-027A-B490-67C5D6FCB14E}" = Catalyst Control Center Localization French
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{133A778F-13AD-A1B4-57DB-74D6DF2D0519}" = CCC Help Turkish
    "{13EFD013-6DD3-F5F4-F357-A95AA12C8A70}" = Catalyst Control Center Localization Greek
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{23D6E5AB-18D1-A6A1-69D0-F8D717B22306}" = CCC Help Portuguese
    "{240D1D4E-099E-8A4C-6A4C-241C60DB1863}" = CCC Help Dutch
    "{24B62B98-A210-1AF0-10DE-630538BB150D}" = Catalyst Control Center Graphics Full New
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
    "{25D1518C-B7C1-53C6-10E1-C06B340302FC}" = CCC Help Chinese Standard
    "{28FC4B8A-7FA5-B078-E25B-1D60BA1B135B}" = Catalyst Control Center Localization German
    "{2A31318A-C9F8-482E-6860-F738D8A9A94B}" = CCC Help Korean
    "{2ABD2125-CBBE-4E11-3573-D1F088BD2594}" = Catalyst Control Center Localization Italian
    "{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{352EA20F-C3F5-A2C4-5A63-472AF1FD87B5}" = Catalyst Control Center Graphics Previews Common
    "{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
    "{3D066F3A-48BA-E6BC-4C8A-0477FCE8DA87}" = Catalyst Control Center Localization Russian
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4B3C7239-11B9-F8F3-0303-897538F3CFC8}" = Catalyst Control Center Core Implementation
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
    "{5587AD4E-2A66-C0A5-95C9-7D04683BEECB}" = Catalyst Control Center Localization Japanese
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{5BD715FA-CAAF-D30D-2613-22776086B382}" = CCC Help Finnish
    "{61F09589-4A31-B31D-2BE1-AC2A65583180}" = Catalyst Control Center Localization Dutch
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{671EEC45-A4AF-6E57-9808-F887CB1F5EE3}" = Catalyst Control Center Localization Swedish
    "{6AC3C209-610A-0799-7A5A-486AB7B0D8E1}" = ccc-core-static
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{734E5DD4-912F-A7CF-3945-ABDB768CEB34}" = Skins
    "{737CABA8-7A6C-C777-B568-285DAD5E90BC}" = CCC Help Thai
    "{73E82A61-DB85-A0A9-B09B-C480059F58EE}" = Catalyst Control Center Graphics Light
    "{741F918D-A8F8-E6CD-8A6E-12BCC47F952D}" = Catalyst Control Center Localization Chinese Standard
    "{82984E09-F0F7-60F2-8C6E-BCDB23FC0283}" = CCC Help Norwegian
    "{8800D4DB-33F1-DF48-F5FA-3F8A8D46D5D9}" = Catalyst Control Center Localization Portuguese
    "{899DA790-A271-6A1D-D7DC-573900BC4047}" = CCC Help German
    "{8B8433F3-BE3D-E9A2-B878-91633AAE80E2}" = Catalyst Control Center Localization Norwegian
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9505717F-666B-9AAA-008B-96F2A1759ED6}" = CCC Help Spanish
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A573E06-A63A-4054-DEBF-66116F066859}" = Catalyst Control Center Localization Korean
    "{9BDEE2D8-B415-6678-C8D3-1DEACD134637}" = Catalyst Control Center Localization Polish
    "{9C9E474F-075C-9414-2CB8-38FEDA33F70B}" = CCC Help Russian
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{9F00F0AC-AF1C-6242-0237-AA83B342C71D}" = CCC Help Polish
    "{A2AC0DE5-73A5-61CC-13B6-3B4DD1B9963B}" = Catalyst Control Center Localization Thai
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{AB29189D-56E8-5B13-0036-6B233346B2A8}" = CCC Help Danish
    "{AC491FE4-B6F9-01ED-F5B4-75F04266FD68}" = Catalyst Control Center Localization Danish
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{B52DFE51-966A-3A2F-0CA3-6A86D18D1CA5}" = Catalyst Control Center Localization Turkish
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BC75E2A0-6E73-5DBD-4B81-267EEFC93666}" = Catalyst Control Center Localization Finnish
    "{BCA4A04F-2BF5-4A1A-01E2-C527D8CD0B35}" = ccc-utility
    "{C138C612-345A-A1B6-7DED-CCE5ADC3FD53}" = Catalyst Control Center Localization Czech
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
    "{C9A34BE5-FCA2-11B1-6A48-512FF58AA4BD}" = Catalyst Control Center Graphics Full Existing
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB267145-8ADA-C66E-2D61-5F989BFDA17A}" = CCC Help Japanese
    "{CD9282E5-F3B4-1942-D56D-9DCACEEA7BF9}" = CCC Help English
    "{CE7DC9FC-1E2C-394E-ACEE-1FFDE152A292}" = Catalyst Control Center Graphics Previews Vista
    "{D1EFBDCB-3C0A-C01E-A56B-26AEF453896B}" = CCC Help Hungarian
    "{DA42A12A-DA69-0D32-6254-7976F7AE268B}" = CCC Help Swedish
    "{DC01D608-E195-569B-180A-3661D60D44FE}" = ATI Catalyst Install Manager
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E5C4FD04-A70C-E186-C30E-9AB08ACAD3B9}" = CCC Help Greek
    "{F001C6A1-56EC-643F-2A91-164AA4EFECA3}" = CCC Help Italian
    "{F01EA7D4-4851-B2C9-E08D-029AED1203D3}" = Catalyst Control Center Localization Spanish
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29D2233-EB8F-F36D-40FF-6B556729E3E1}" = CCC Help Chinese Traditional
    "{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "ERUNT_is1" = ERUNT 1.1j
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "WildTangent hp Master Uninstall" = My HP Games

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/08/2013 15:58:33 | Computer Name = Alan-PC | Source = WerSvc | ID = 5007
    Description =

    Error - 12/08/2013 16:59:11 | Computer Name = Alan-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 12/08/2013 17:59:31 | Computer Name = Alan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 12/08/2013 17:59:55 | Computer Name = Alan-PC | Source = WerSvc | ID = 5007
    Description =

    Error - 12/08/2013 18:01:13 | Computer Name = Alan-PC | Source = WerSvc | ID = 5007
    Description =

    Error - 22/04/2014 12:31:19 | Computer Name = Alan-PC | Source = WerSvc | ID = 5007
    Description =

    Error - 22/04/2014 12:31:36 | Computer Name = Alan-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.16575, time stamp
    0x470c3339, faulting module mshtml.dll, version 7.0.6000.16587, time stamp 0x4722d0fd,
    exception code 0xc0000005, fault offset 0x0003c345, process id 0xe00, application
    start time 0x01cf5e48513d1263.

    Error - 22/04/2014 12:31:57 | Computer Name = Alan-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.16575, time stamp
    0x470c3339, faulting module mshtml.dll, version 7.0.6000.16587, time stamp 0x4722d0fd,
    exception code 0xc0000005, fault offset 0x0003c345, process id 0xbec, application
    start time 0x01cf5e485e3819b3.

    Error - 22/04/2014 12:32:16 | Computer Name = Alan-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.16575, time stamp
    0x470c3339, faulting module mshtml.dll, version 7.0.6000.16587, time stamp 0x4722d0fd,
    exception code 0xc0000005, fault offset 0x0003c345, process id 0xb8c, application
    start time 0x01cf5e4869d2cdb3.

    Error - 22/04/2014 12:32:35 | Computer Name = Alan-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.16575, time stamp
    0x470c3339, faulting module mshtml.dll, version 7.0.6000.16587, time stamp 0x4722d0fd,
    exception code 0xc0000005, fault offset 0x0003c345, process id 0xaa4, application
    start time 0x01cf5e487550f133.

    [ System Events ]
    Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 22/04/2014 12:37:56 | Computer Name = Alan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =


    < End of report >

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Not to worry, reply back when you can.

    Check with your manufacturer and make sure you have the correct battery, is this a laptop or desktop ?

    Did you run TFC (Temp File Cleaner )


    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisment.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.





    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Member
    Join Date
    Oct 2009
    Posts
    87

    Default Possible Virus Please Help

    Hi Ken545,

    My apologies, yes, I did run TFC Cleaner and the PC is a desktop HP Pavillion Slimline.

    I am now going to run the Adw cleaner and Junkware removal tool; I will let you know as soon as they are done.

    Thanks again.

  9. #9
    Member
    Join Date
    Oct 2009
    Posts
    87

    Default Possible Virus Please Help

    Hi Ken545,

    Please find the requested logs below:

    Note AdwCleaner was titled AdwCleaner[S0].txt and NOT (S1) for some reason.

    I checked the user manual for the PC and it appears that the battery should be a 2032, 3 volt Lithium; so, I purchased a Duracell 2032 3V Lithium.

    Thanks again.
    ____________________________


    AdwCleaner[S1].txt


    # AdwCleaner v3.201 - Report created 22/04/2014 at 18:58:38
    # Updated 22/04/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium (32 bits)
    # Username : Alan - ALAN-PC
    # Running from : C:\Users\Alan\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\S

    ***** [ Browsers ] *****

    -\\ Internet Explorer v7.0.6000.16575


    *************************

    AdwCleaner[R0].txt - [664 octets] - [22/04/2014 18:56:12]
    AdwCleaner[S0].txt - [588 octets] - [22/04/2014 18:58:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [647 octets] ##########

    _____________________________________

    AND JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Alan on 22/04/2014 at 19:11:34.61
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 22/04/2014 at 19:13:46.35
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default





    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      IE - HKLM\..\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
      IE - HKLM\..\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
      IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes\{24ED1F25-AEA4-4A4A-B914-32F266843651}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
      IE - HKU\S-1-5-21-507268109-3519426565-122146191-1000\..\SearchScopes\{372C5994-42DE-45AF-8CFE-0ED3D9A88E32}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [EMPTYJAVA] 
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces


    Then run a new scan with OTL and post the new log please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •