WiredWX Christian Hobby Weather Tools

Computer running slow- 43 programs running in task manager!

Hi everyone- could use a big assist.
Recently my computer crashed after picking up a virus. That has since been cleaned out (many thanks to you folks) but other problems persisted so I took it to a local shop who fixed it up even further.

I'm having some pretty serious issues w/the computer's overall operational speed, especially on the internet, and I think it's related to the 43 programs that are running ALL the time according to the task manager.

I tried shutting the programs down individually (using task manager) but shut one program down incorrectly and, blammo, the whole computer shuts down. When I reboot, it may take several tries before it comes back completely online & when it does, every one of the 43 operating programs is back online according to task manager- can you say ARRGGHH?

Obviously, I am not a whiz @ repairing this problem & it is causing me serious frustration. To complicate matters, I am about to embark as an instructor in an online teaching program and will need this old gal to run as optimally as possible, not in its current fashion.

I'm looking for help/advice and would appreciate any you can give.
And THANKS in advance.

Have updated Java/Java RE, have Adobe Reader 9.3, have done Windows Update and ran Malwarebytes.

Hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:25 PM, on 3/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\One-VA VPN Client\cvpnd.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lee Spector\Desktop\Computer Fix\winlogon-hijack this.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\LEE SPECTOR\Application Data\Mozilla\Profiles\default\1e1pt6uc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\LEE SPECTOR\Application Data\Mozilla\Profiles\default\1e1pt6uc.slt\prefs.js)
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 91.212.127.226 www.windows-shield.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lee Spector\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Seagate 2GE48GT8 Product Registration.lnk = C:\Documents and Settings\Lee Spector\Application Data\Leadertech\PowerRegister\Seagate 2GE48GT8 Product Registration.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\One-VA VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11054 bytes

Re: Computer running slow- 43 programs running in task manager!

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Computer running slow- 43 programs running in task manager!

Okie dokie, all done. Here's the log. And again, thanks for the help!

ComboFix 10-03-17.07 - Lee Spector 03/18/2010 16:25:30.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.133 [GMT -4:00]
Running from: c:\documents and settings\Lee Spector\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx

.
((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.

2010-03-17 23:49 . 2009-12-16 18:42 872960 ----a-w- c:\documents and settings\Lee Spector\Application Data\Mozilla\Firefox\Profiles\57l6dgnn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-17 23:49 . 2009-12-16 18:42 43008 ----a-w- c:\documents and settings\Lee Spector\Application Data\Mozilla\Firefox\Profiles\57l6dgnn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-17 23:49 . 2009-12-16 18:42 340480 ----a-w- c:\documents and settings\Lee Spector\Application Data\Mozilla\Firefox\Profiles\57l6dgnn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-17 23:49 . 2009-12-16 18:41 346624 ----a-w- c:\documents and settings\Lee Spector\Application Data\Mozilla\Firefox\Profiles\57l6dgnn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-17 19:20 . 2010-03-17 19:20 833448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-17 15:06 . 2010-03-17 15:06 -------- d-----w- c:\program files\Common Files\Java
2010-03-17 15:06 . 2010-03-17 15:06 503808 ----a-w- c:\documents and settings\Lee Spector\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-350583a9-n\msvcp71.dll
2010-03-17 15:06 . 2010-03-17 15:06 499712 ----a-w- c:\documents and settings\Lee Spector\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-350583a9-n\jmc.dll
2010-03-17 15:06 . 2010-03-17 15:06 348160 ----a-w- c:\documents and settings\Lee Spector\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-350583a9-n\msvcr71.dll
2010-03-17 15:06 . 2010-03-17 15:06 61440 ----a-w- c:\documents and settings\Lee Spector\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f032a0c-n\decora-sse.dll
2010-03-17 15:06 . 2010-03-17 15:06 12800 ----a-w- c:\documents and settings\Lee Spector\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f032a0c-n\decora-d3d.dll
2010-03-10 12:40 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-02-19 06:02 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-19 06:02 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-18 14:07 . 2010-02-18 14:07 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 20:15 . 2004-08-19 07:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-17 15:05 . 2009-09-20 02:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-14 22:09 . 2004-08-25 20:05 -------- d-----w- c:\program files\Quicken
2010-03-11 23:38 . 2009-09-19 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 23:38 . 2010-01-05 02:14 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-10 23:08 . 2009-12-19 22:30 -------- d-----w- c:\documents and settings\Lee Spector\Application Data\Skype
2010-03-10 22:54 . 2009-12-19 22:35 -------- d-----w- c:\documents and settings\Lee Spector\Application Data\skypePM
2010-03-09 23:39 . 2009-12-19 23:43 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-09 23:39 . 2009-12-19 23:41 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-09 23:39 . 2004-08-19 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-22 01:02 . 2008-05-18 16:49 -------- d-----w- c:\documents and settings\Lee Spector\Application Data\ZoomBrowser EX
2010-02-21 22:16 . 2008-05-18 16:43 -------- d-----w- c:\documents and settings\Lee Spector\Application Data\CameraWindowDC
2010-02-21 21:38 . 2010-01-17 17:43 -------- d-----w- c:\documents and settings\Lee Spector\Application Data\Move Networks
2010-02-07 17:14 . 2009-10-19 02:25 60356 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-07 00:42 . 2009-12-26 16:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-23 03:45 . 2004-08-23 23:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-21 17:06 . 2010-01-21 17:06 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-01-21 17:00 . 2005-02-16 15:33 -------- d-----w- c:\program files\TurboTax
2010-01-17 17:43 . 2010-01-17 17:43 144160 ----a-w- c:\documents and settings\Lee Spector\Application Data\Move Networks\uninstall.exe
2010-01-17 17:43 . 2009-12-07 01:22 5603776 ----a-w- c:\documents and settings\Lee Spector\Application Data\Move Networks\plugins\npqmp071705000014.dll
2010-01-07 21:07 . 2009-09-19 02:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-09-19 02:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 15:33 . 2004-08-23 22:35 64504 ----a-w- c:\documents and settings\Lee Spector\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2002-08-29 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 15:26 . 2009-12-26 15:26 28696928 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-26 15:21 . 2009-12-26 15:21 4852064 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\Leapster2Plugin.exe
2009-12-21 19:14 . 2006-04-28 14:58 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 22:35 . 2009-12-19 22:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-01 02:47 . 2008-04-10 10:17 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-10-11 08:04 . 2008-04-10 10:17 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-04-10 10:17 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-04-10 10:17 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-04-10 10:17 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-04-10 10:17 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2004-08-25 18:49 . 2004-08-25 18:49 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Lee Spector\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Lee Spector\Start Menu\Programs\Startup\
Seagate 2GE48GT8 Product Registration.lnk - c:\documents and settings\Lee Spector\Application Data\Leadertech\PowerRegister\Seagate 2GE48GT8 Product Registration.exe [2010-1-7 1731736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/9/2010 2:01 PM 102448]
S3 COH_Mon;COH_Mon;c:\windows\SYSTEM32\DRIVERS\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [5/6/2008 5:06 PM 11520]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2947446175-2427019368-3370249861-1008Core.job
- c:\documents and settings\Lee Spector\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-13 19:59]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2947446175-2427019368-3370249861-1008UA.job
- c:\documents and settings\Lee Spector\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-13 19:59]

2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{9BDE1C9B-2A28-4661-9953-C2421ACDB82A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
FF - ProfilePath - c:\documents and settings\Lee Spector\Application Data\Mozilla\Firefox\Profiles\57l6dgnn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Lee Spector\Desktop\Computer Fix\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 16:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2010-03-18 16:35:12
ComboFix-quarantined-files.txt 2010-03-18 20:35
ComboFix2.txt 2009-09-19 19:42

Pre-Run: 99,148,005,376 bytes free
Post-Run: 99,155,271,680 bytes free

- - End Of File - - B87FB4D6C45A58075D33CD3A890C7CB4

Re: Computer running slow- 43 programs running in task manager!

bump and thanks again for all your help

Re: Computer running slow- 43 programs running in task manager!

BUMP again

Re: Computer running slow- 43 programs running in task manager!

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

Re: Computer running slow- 43 programs running in task manager!

Thank you for your help

OTL.txt

OTL logfile created on: 3/24/2010 11:25:04 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Lee Spector\Desktop\Computer Fix
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 280.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.50 Gb Total Space | 92.19 Gb Free Space | 63.36% Space Free | Partition Type: NTFS
Drive D: | 483.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF5QDH51
Current User Name: Lee Spector
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/24 11:20:42 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lee Spector\Desktop\Computer Fix\OTL.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/29 16:36:15 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/22 04:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/08/25 16:41:30 | 001,421,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\One-VA VPN Client\cvpnd.exe


========== Modules (SafeList) ==========

MOD - [2010/03/24 11:20:42 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lee Spector\Desktop\Computer Fix\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/03/29 16:36:15 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/11/04 22:28:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/22 04:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/08/25 16:41:30 | 001,421,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\One-VA VPN Client\cvpnd.exe -- (CVPND)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/10 06:19:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/10/22 19:48:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/21 20:58:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/21 20:58:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/01/13 18:59:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/03/17 11:06:17 | 000,000,000 | ---D | M]

[2010/03/22 12:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Spector\Application Data\Mozilla\Firefox\Profiles\57l6dgnn.default\extensions
[2010/03/17 19:49:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lee Spector\Application Data\Mozilla\Firefox\Profiles\57l6dgnn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/17 19:49:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Lee Spector\Application Data\Mozilla\Firefox\Profiles\57l6dgnn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/22 12:40:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/10 06:17:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/10 06:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2010/03/19 16:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2010/03/19 16:51:50 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2010/03/19 16:51:50 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2010/03/19 16:51:50 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2010/03/19 16:51:51 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2010/03/19 16:51:51 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/09/18 22:13:21 | 000,000,155 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 91.212.127.226 www.windows-shield.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\Lee Spector\Start Menu\Programs\Startup\Seagate 2GE48GT8 Product Registration.lnk = C:\Documents and Settings\Lee Spector\Application Data\Leadertech\PowerRegister\Seagate 2GE48GT8 Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/08/19 02:35:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {f54910c7-a2f3-4ca4-81b2-4a43a5e2680a} - KB916281
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ctmp3 - C:\WINDOWS\SYSTEM32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CTRX - ctrxvid.drv File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/23 18:44:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/18 16:24:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/18 16:24:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/18 16:24:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/18 16:24:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/18 16:13:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/17 11:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/17 11:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/03/24 20:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2008/03/04 17:28:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/10/15 18:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/15 03:00:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/11/01 18:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/11/01 18:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/07/11 17:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/10/13 21:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/10/13 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2004/08/19 03:05:21 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2004/08/19 02:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/24 11:10:01 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2947446175-2427019368-3370249861-1008UA.job
[2010/03/24 10:17:17 | 000,000,404 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9BDE1C9B-2A28-4661-9953-C2421ACDB82A}.job
[2010/03/24 02:10:01 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2947446175-2427019368-3370249861-1008Core.job
[2010/03/23 16:14:04 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Lee Spector\Desktop\arthur response.doc
[2010/03/21 18:40:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/03/21 18:40:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/03/21 18:26:12 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/18 16:35:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/18 16:31:46 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/18 16:17:54 | 003,894,152 | R--- | M] () -- C:\Documents and Settings\Lee Spector\Desktop\ComboFix.exe
[2010/03/18 10:45:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/18 03:01:27 | 000,000,738 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/03/17 15:27:43 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/17 15:27:43 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/17 15:27:41 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 15:24:31 | 000,001,315 | ---- | M] () -- C:\Documents and Settings\Lee Spector\Start Menu\Programs\Startup\Seagate 2GE48GT8 Product Registration.lnk
[2010/03/17 15:23:24 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/03/17 15:21:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/17 15:20:15 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Lee Spector\ntuser.dat
[2010/03/17 15:20:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Lee Spector\NTUSER.INI
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 23:33:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/10 14:55:56 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/03/10 14:54:32 | 000,001,820 | -H-- | M] () -- C:\Documents and Settings\Lee Spector\My Documents\Default.rdp
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/23 16:14:03 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Lee Spector\Desktop\arthur response.doc
[2010/03/18 16:24:28 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/18 16:24:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/18 16:24:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/18 16:24:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/18 16:24:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/18 16:19:54 | 003,894,152 | R--- | C] () -- C:\Documents and Settings\Lee Spector\Desktop\ComboFix.exe
[2010/03/17 15:20:59 | 000,833,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/04 20:09:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/12/26 12:23:34 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/19 19:42:34 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/12/19 17:38:21 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/02/28 12:06:21 | 000,025,000 | ---- | C] () -- C:\Documents and Settings\Lee Spector\Application Data\Comma Separated Values (Windows).ADR
[2007/08/10 19:56:49 | 000,000,715 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/12/20 18:29:03 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2005/11/14 16:26:04 | 000,002,559 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/07/06 15:26:17 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/02/20 19:27:53 | 000,000,103 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2004/12/25 21:00:27 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2004/10/26 11:25:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/09/16 20:10:44 | 000,000,267 | ---- | C] () -- C:\WINDOWS\RWLog.INI
[2004/09/10 17:02:10 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Lee Spector\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/02 14:32:16 | 000,000,032 | ---- | C] () -- C:\WINDOWS\concentr.ini
[2004/09/02 14:09:10 | 000,000,052 | ---- | C] () -- C:\WINDOWS\webica.ini
[2004/08/31 16:56:50 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2004/08/31 16:56:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2004/08/26 15:44:36 | 000,000,500 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/08/26 13:04:01 | 000,135,000 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/08/26 07:29:06 | 000,000,092 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/08/25 16:05:51 | 000,000,172 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/25 14:49:10 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/08/25 14:33:39 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Lee Spector\Application Data\PFP120JPR.{PB
[2004/08/25 14:33:39 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Lee Spector\Application Data\PFP120JCM.{PB
[2004/08/24 19:26:01 | 000,010,286 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/08/24 10:55:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/19 03:17:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/19 03:06:56 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/19 03:05:34 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/08/19 03:05:21 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2004/08/19 03:05:21 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/08/19 03:05:21 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/08/19 03:05:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/08/19 03:05:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/08/19 03:04:55 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/08/19 02:53:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/19 02:53:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 02:38:28 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/11 11:02:24 | 000,000,811 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/04/22 16:37:50 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\DLBKPLC.INI
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2004/08/19 03:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/19 20:02:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/07/01 21:34:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/07/01 21:12:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2007/11/04 23:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/12/26 11:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/01/07 19:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/01/05 10:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/01/04 19:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/08/19 03:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/07 17:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/10/01 11:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/17 18:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/01 21:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Spector\Application Data\Canon
[2004/09/02 14:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Spector\Application Data\ICAClient
[2004/09/23 15:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Spector\Application Data\Leadertech
[2006/06/01 20:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Spector\Application Data\Netscape
[2006/10/16 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Spector\Application Data\Sauce
[2009/01/19 17:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lee Spector\Application Data\Snapfish
[2010/03/24 10:17:17 | 000,000,404 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9BDE1C9B-2A28-4661-9953-C2421ACDB82A}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[2009/12/21 15:14:03 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\iepeers.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 09:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 09:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 09:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/24 11:27:34 | 000,000,705 | ---- | M] () -- C:\1db18030-ca16-4c44-8825-f2a878a93602.cab
[2007/11/04 23:54:59 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2001/09/01 17:53:00 | 000,499,712 | ---- | M] () -- C:\APA PERRLA 5.dot
[2002/09/03 09:59:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/07/11 18:14:14 | 023,358,486 | ---- | M] () -- C:\BellSouthIW.reg
[2004/09/01 13:26:25 | 010,256,508 | ---- | M] () -- C:\BellSouthIW.re~
[2009/02/24 18:53:34 | 021,250,210 | ---- | M] () -- C:\BLShkcu.reg
[2009/02/24 18:54:17 | 034,996,226 | ---- | M] () -- C:\BLShklm.reg
[2006/10/13 13:30:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/05 09:20:47 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2002/09/03 09:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/03/18 16:35:13 | 000,013,111 | ---- | M] () -- C:\ComboFix.txt
[2004/09/02 14:09:10 | 000,000,000 | ---- | M] () -- C:\COMLOG.txt
[2002/09/03 09:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/08/19 02:43:00 | 000,006,661 | RH-- | M] () -- C:\DELL.SDR
[2002/09/03 09:59:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/19 03:08:07 | 000,000,850 | -H-- | M] () -- C:\IPH.PH
[2010/03/17 11:12:29 | 000,012,875 | ---- | M] () -- C:\JavaRa.log
[2009/12/19 17:33:54 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2002/09/03 09:59:58 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2006/07/11 17:04:22 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/11 09:45:50 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/03/17 15:21:45 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2001/09/01 17:53:00 | 000,009,710 | ---- | M] () -- C:\PERRLA APA5 Rule.ini
[2004/08/26 15:47:29 | 000,000,168 | ---- | M] () -- C:\setupfax.log
[2004/08/19 03:08:17 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2006/09/24 11:26:14 | 000,000,170 | ---- | M] () -- C:\threatalerts.txt
[2004/09/02 14:32:16 | 000,000,033 | ---- | M] () -- C:\WFCNAME.INI

< %PROGRAMFILES%\*. >
[2004/08/19 03:04:40 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 6.0
[2010/01/05 09:55:55 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/05/21 13:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2008/08/20 16:10:50 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/09/18 14:32:07 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2009/07/30 14:59:43 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-HSI
[2010/01/05 09:57:33 | 000,000,000 | ---D | M] -- C:\Program Files\BellSouth.net
[2010/01/05 11:29:29 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/01/05 09:59:36 | 000,000,000 | ---D | M] -- C:\Program Files\BroadJump
[2009/06/19 20:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/06/19 20:01:17 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2010/01/07 19:46:53 | 000,000,000 | ---D | M] -- C:\Program Files\Carbonite
[2010/01/04 20:51:47 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/01/05 10:01:04 | 000,000,000 | ---D | M] -- C:\Program Files\Classic PhoneTools
[2010/03/18 16:29:56 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/19 02:37:38 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2004/08/19 02:52:06 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/03/21 20:58:32 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2004/08/19 03:05:09 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2004/08/19 03:03:54 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/01/05 10:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2004/08/19 03:10:53 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Computer
[2010/01/05 10:43:58 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2004/08/25 11:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\DiMAGE Image Viewer Utility
[2006/10/16 18:31:19 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2004/10/13 22:04:07 | 000,000,000 | ---D | M] -- C:\Program Files\Grolier Interactive
[2010/01/07 19:48:17 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/08/19 03:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/01/25 00:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/01/05 11:30:42 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2006/07/22 16:28:37 | 000,000,000 | ---D | M] -- C:\Program Files\ItsDeductible2005
[2007/02/08 11:06:23 | 000,000,000 | ---D | M] -- C:\Program Files\ItsDeductible2006
[2006/06/01 15:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\ItsDeductibleEX
[2010/01/05 11:32:13 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2004/08/19 03:11:09 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/01/04 18:51:09 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/09/19 08:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\jpsufa
[2009/12/26 12:23:38 | 000,000,000 | ---D | M] -- C:\Program Files\LeapFrog
[2009/12/19 19:44:01 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/03/11 19:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/11 09:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/08/24 10:54:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2004/08/19 02:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2005/09/11 17:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2009/09/14 20:19:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/02/18 10:07:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/03/11 04:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/03/22 16:23:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/12 09:49:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/14 20:19:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/19 02:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/19 02:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/23 04:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/01/05 10:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/09/11 09:48:25 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/06/01 20:37:14 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2009/08/14 12:10:07 | 000,000,000 | ---D | M] -- C:\Program Files\Nick Jr. Arcade
[2009/04/11 07:36:47 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2007/03/08 13:06:25 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Internet Security(2)
[2004/09/02 12:14:46 | 000,000,000 | ---D | M] -- C:\Program Files\One-VA VPN Client
[2004/08/19 02:37:38 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/13 13:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/10/22 19:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\PayPal
[2008/01/13 16:21:36 | 000,000,000 | ---D | M] -- C:\Program Files\PERRLA
[2008/12/25 02:53:55 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Viewer
[2010/01/04 19:54:19 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars.NET
[2010/03/23 21:16:12 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2010/01/05 11:29:01 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2004/08/19 03:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/12 09:49:16 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/04/10 06:19:11 | 000,000,000 | ---D | M] -- C:\Program Files\RichFX
[2010/01/05 10:22:06 | 000,000,000 | ---D | M] -- C:\Program Files\Rio
[2009/09/03 11:45:09 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/01/07 19:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2009/12/19 18:29:19 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2005/07/25 18:11:04 | 000,000,000 | ---D | M] -- C:\Program Files\SONICblue
[2009/04/01 08:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/01/21 13:00:36 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2005/06/19 07:55:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2004/08/26 13:03:56 | 000,000,000 | ---D | M] -- C:\Program Files\VA
[2009/09/18 14:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2009/09/18 15:35:31 | 000,000,000 | ---D | M] -- C:\Program Files\WinASO
[2009/12/19 17:46:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2008/09/11 09:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/11 09:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/03/29 16:37:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2004/08/24 19:43:22 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/08/19 03:15:35 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2004/08/19 02:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\XEROX
[2010/01/04 19:46:16 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2004/08/19 03:13:45 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name


< MD5 for: AGP440.SYS >
[2006/07/11 17:00:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/11 09:41:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2006/07/11 17:00:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/11 09:41:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2006/07/11 17:00:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\agp440.sys
[2001/08/17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2006/07/11 17:00:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/11 09:41:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2006/07/11 17:00:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/11 09:41:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/07/11 17:00:15 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\atapi.sys
[2003/04/23 10:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys
[2003/04/23 10:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2003/04/23 10:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\eventlog.dll
[2002/08/29 06:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 06:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\scecli.dll
[2002/08/29 06:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-18 07:04:41

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Re: Computer running slow- 43 programs running in task manager!

OTL Extras logfile created on: 3/24/2010 11:25:04 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Lee Spector\Desktop\Computer Fix
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 280.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.50 Gb Total Space | 92.19 Gb Free Space | 63.36% Space Free | Partition Type: NTFS
Drive D: | 483.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF5QDH51
Current User Name: Lee Spector
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{6323D880-0BD9-11D5-A569-00B0D0180C89}" = DiMAGE Image Viewer Utility
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{7452472E-FC85-4AEB-8B67-24C63ECCF5C8}" = LeapFrog Leapster2 Plugin
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{99937FD4-972B-4E7D-993C-66FC3BD02656}" = One-VA VPN Client
"{9DF0BE48-16F0-4E36-814D-9B4FDFFAF25F}" = PayPal Plug-In
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB75312A-5C5A-485D-930A-8B5CF77824E6}" = Initio USB Default Controller Driver 32-bit
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C10837B8-DEF8-4789-8016-A224991F241F}" = SymNet
"{C1E5DF32-8248-4347-908C-E030EDAE4368}" = DA920EN
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™️ 4.1
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"APA PERRLA" = APA PERRLA
"Ashampoo WinOptimizer 5_is1" = Ashampoo WinOptimizer 5.04
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MX860 series User Registration" = Canon MX860 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Netscape (7.2)" = Netscape (7.2)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Photo Viewer_is1" = Photo Viewer s2.5
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.83
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"The Little Mermaid Bubble Blast" = The Little Mermaid Bubble Blast
"The Little Mermaid Pinball" = The Little Mermaid Pinball
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"UPCShell" = LeapFrog Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Pilot Desktop" = Palm Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2010 2:32:49 PM | Computer Name = DF5QDH51 | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 3/17/2010 8:41:51 AM | Computer Name = DF5QDH51 | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
js3250.dll, version 4.0.0.0, fault address 0x00027d9a.

Error - 3/17/2010 12:06:21 PM | Computer Name = DF5QDH51 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2010 12:06:21 PM | Computer Name = DF5QDH51 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2010 12:06:28 PM | Computer Name = DF5QDH51 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2010 2:29:03 PM | Computer Name = DF5QDH51 | Source = Application Error | ID = 1000
Description = Faulting application netscp.exe, version 7.2.0.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00011689.

Error - 3/17/2010 9:35:34 PM | Computer Name = DF5QDH51 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20061.1023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/18/2010 3:24:09 PM | Computer Name = DF5QDH51 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/21/2010 5:09:32 PM | Computer Name = DF5QDH51 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/22/2010 12:30:02 PM | Computer Name = DF5QDH51 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module unknown, version 0.0.0.0, fault address 0xf1bbfcc3.

[ System Events ]
Error - 3/7/2010 1:20:16 PM | Computer Name = DF5QDH51 | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 3/7/2010 1:20:20 PM | Computer Name = DF5QDH51 | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).

Error - 3/7/2010 1:20:23 PM | Computer Name = DF5QDH51 | Source = Service Control Manager | ID = 7034
Description = The Cisco Systems, Inc. VPN Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/7/2010 1:34:51 PM | Computer Name = DF5QDH51 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 3/9/2010 7:40:51 PM | Computer Name = DF5QDH51 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 3/17/2010 3:23:20 PM | Computer Name = DF5QDH51 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 3/17/2010 5:19:19 PM | Computer Name = DF5QDH51 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/18/2010 4:24:27 PM | Computer Name = DF5QDH51 | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/18/2010 4:25:10 PM | Computer Name = DF5QDH51 | Source = Service Control Manager | ID = 7034
Description = The McciCMService service terminated unexpectedly. It has done this
1 time(s).

Error - 3/24/2010 11:25:27 AM | Computer Name = DF5QDH51 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >

Re: Computer running slow- 43 programs running in task manager!
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :otl
    O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
    O1 - Hosts: 91.212.127.226 windows-shield.com
    O1 - Hosts: 91.212.127.226 www.windows-shield.com
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

    :files
    @C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP"=-
    "445:TCP"=-
    "137:UDP"=-
    "138:UDP"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP"=-
    "445:TCP"=-
    "137:UDP"=-
    "138:UDP"=-
    "1900:UDP"=-
    "2869:TCP"=-


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done. It should launch a fix log, please post it in your next reply.


We need to do some diagnostics.

1. Please download Profiles by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply


2. Download Win32kDiag by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)
  • OTL Fix Log (3)


Thanks!

Re: Computer running slow- 43 programs running in task manager!
Here's the OTL log. Others to follow

========== OTL ==========
91.212.127.226 windows-shield.microsoft.com removed from HOSTS file successfully
91.212.127.226 windows-shield.com removed from HOSTS file successfully
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\motive.com\patttbc.att\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
========== FILES ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully.

OTL by OldTimer - Version 3.1.37.3 log created on 03242010_1
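
A post-fix check for the hosts-file part of the fix script above, as an added example that is not part of the thread or of OTL: it reads the `O1 - Hosts:` lines of a fix script, reports any that are still mapped in a hosts file, and classifies every other non-loopback mapping. The hosts content below is constructed for illustration, and all function names are this example's own.

```python
import ipaddress
import re

# O1 lines as they appear in the fix script posted in this thread.
FIX_SCRIPT = """\
:otl
O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 91.212.127.226 www.windows-shield.com
:reg
"""

# Constructed hosts file, as it might look if a fix were only partly applied.
HOSTS_AFTER = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.invalid      # sinkhole entry, not a redirect
192.168.1.10    nas.example.invalid      # LAN mapping
91.212.127.226  WWW.Windows-Shield.com   # leftover redirect
bogus           broken.example.invalid
"""

O1_RE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_hosts(text):
    """Return [(line_no, address_or_None, [names])] for every non-comment line."""
    rows = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None  # first field is not an IP literal
        names = [n.lower().rstrip(".") for n in fields[1:]]
        rows.append((line_no, addr, names))
    return rows


def audit_hosts(text):
    """Classify each mapping; loopback and 0.0.0.0 entries are treated as benign."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((line_no, "malformed", names))
        elif addr.is_loopback or addr.is_unspecified:
            continue
        elif addr.is_private:
            findings.append((line_no, "lan-mapping", names))
        else:
            findings.append((line_no, "public-redirect", names))
    return findings


def fix_targets(script):
    """Extract (ip, hostname) pairs from the O1 lines of a fix script."""
    targets = []
    for line in script.splitlines():
        m = O1_RE.match(line)
        if m:
            targets.append((m.group(1), m.group(2).lower()))
    return targets


def still_present(script, hosts_text):
    """Return the fix targets that are still mapped in the hosts file."""
    live = {
        (str(addr), name)
        for _, addr, names in parse_hosts(hosts_text)
        if addr is not None
        for name in names
    }
    return [t for t in fix_targets(script) if t in live]


if __name__ == "__main__":
    for line_no, kind, names in audit_hosts(HOSTS_AFTER):
        print(f"line {line_no}: {kind}: {', '.join(names)}")
    for ip, name in still_present(FIX_SCRIPT, HOSTS_AFTER):
        print(f"still mapped after fix: {name} -> {ip}")
```

On a real machine the second argument would be the text of `%SystemRoot%\system32\drivers\etc\hosts`, read after the reboot.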

Re: Computer running slow- 43 programs running in task manager!
profiles log


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2947446175-2427019368-3370249861-1008
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Lee Spector

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2947446175-2427019368-3370249861-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS

Re: Computer running slow- 43 programs running in task manager!
and the Win32kDiag?

Re: Computer running slow- 43 programs running in task manager!
I was working on it. Not as fast as you but I'm learning

Running from: C:\Documents and Settings\Lee Spector\Desktop\Computer Fix\Win32kDiag.exe

Log file at : C:\Documents and Settings\Lee Spector\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

Re: Computer running slow- 43 programs running in task manager!
No biggie.

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Computer running slow- 43 programs running in task manager!
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f036a1b15f7e9b428179917ae0f2cfe8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-25 03:01:34
# local_time=2010-03-25 11:01:35 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118075
# found=0
# cleaned=0
# scan_time=10500

Re: Computer running slow- 43 programs running in task manager!
Your logs are clean.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Computer running slow- 43 programs running in task manager!
Results of screen317's Security Check version 0.99.2
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
Norton 360
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 18
Adobe Flash Player 10
Adobe Reader 9.3
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Re: Computer running slow- 43 programs running in task manager!
See this page for more info about malware and prevention.

Do you have any more questions?

Re: Computer running slow- 43 programs running in task manager!
At the moment, according to task manager, 42 processes are still running. That's not an appreciable difference from my first post. While I appreciate the help so far, these actions don't appear to have helped remedy that situation @ all & I'm still sorely frustrated. The computer is still running slow.

How do I know which of the 42-44 processes can be turned off & how do I do so that each time I shut the computer down, the same 42-44 processes don't start up again? This is what I asked in my original post in this thread.

Thanks again.

Re: Computer running slow- 43 programs running in task manager!
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

Re: Computer running slow- 43 programs running in task manager!
From Procexp.txt.

Process PID CPU Description Company Name Command Line
System Idle Process 0 99.23
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 1124 Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 1188 Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 1212 Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 1256 0.77 Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
svchost.exe 1432 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe 1508 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k rpcss
svchost.exe 1660 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe 1772 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k NetworkService
svchost.exe 1900 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
CCSVCHST.EXE 2012 Symantec Service Framework Symantec Corporation "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
spoolsv.exe 132 Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1088 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalService
AppleMobileDeviceService.exe 1560 Apple Mobile Device Service Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
AluSchedulerSvc.exe 1580 Automatic LiveUpdate Scheduler Service Symantec Corporation "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"
mDNSResponder.exe 1820 Bonjour Service Apple Inc. "C:\Program Files\Bonjour\mDNSResponder.exe"
CTsvcCDA.EXE 1920 Creative Service for CDROM Access Creative Technology Ltd C:\WINDOWS\System32\CTsvcCDA.exe
cvpnd.exe 2244 Cisco Systems VPN Client Cisco Systems, Inc. "C:\Program Files\One-VA VPN Client\cvpnd.exe"
FreeAgentService.exe 2968 Sync Windows Services Seagate Technology LLC "C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe"
IntuitUpdateService.exe 3028 Intuit Update Service Intuit Inc. "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"
jqs.exe 3268 Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
CommandService.exe 3576 CommandService Application LeapFrog Enterprises, Inc. "C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe"
LVPrcSrv.exe 3600 Logitech LVPrcSrv Module. Logitech Inc. "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
McciCMService.exe 3636 mcci+McciCMService Motive Communications, Inc. "C:\Program Files\Common Files\Motive\McciCMService.exe"
nvsvc32.exe 3708 NVIDIA Driver Helper Service, Version 45.02 NVIDIA Corporation C:\WINDOWS\System32\nvsvc32.exe
svchost.exe 3736 Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k imgsvc
wdfmgr.exe 3804 Windows User Mode Driver Manager Microsoft Corporation C:\WINDOWS\System32\wdfmgr.exe
MsPMSPSv.exe 1960 WMDM PMSP Service Microsoft Corporation C:\WINDOWS\System32\MsPMSPSv.exe
fxssvc.exe 600 Fax Service Microsoft Corporation C:\WINDOWS\system32\fxssvc.exe
CALMAIN.exe 2340 Canon Camera Access Library 8 Canon Inc. "C:\Program Files\Canon\CAL\CALMAIN.exe"
alg.exe 3460 Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
lsass.exe 1268 LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
explorer.exe 484 Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
stxmenumgr.exe 1836 FreeAgent™️ Launcher Seagate LLC "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
jusched.exe 248 Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
ctfmon.exe 612 CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
procexp.exe 1480 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Lee Spector\Desktop\ProcessExplorer\procexp.exe"
CCSVCHST.EXE 1784 Symantec Service Framework Symantec Corporation /a /h ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

Thank you

Re: Computer running slow- 43 programs running in task manager!
All of those processes look legitimate and are required for Windows to run.

No malware found.

Re: Computer running slow- 43 programs running in task manager!
Ok so now I'm really curious. My other computer, also running W/XP, generally only has 2-4 processes running at a time. Why does this computer have so many more?

Re: Computer running slow- 43 programs running in task manager!
For Windows XP, you have to place a check in the checkbox "Show Processes from All users."

There would be something really wrong with your XP system if only that little amount was running. Most systems have at least 30 processes running at once.

My system, Windows 7, runs 49-55 processes all the time. No problems here.

Re: Computer running slow- 43 programs running in task manager!
ok, thanks for all the help!

Re: Computer running slow- 43 programs running in task manager!
You're welcome.
