WiredWX Christian Hobby Weather Tools

Slow computer, I feel like I'm on dial up again please help me

You helped me with my computer before but I must have done something to welcome a virus back again because it's running so slow, I feel like I'm on dial up. Here is a copy of the HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:07 PM, on 4/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc630.mail.yahoo.com/mc/welcome?.gx=1&.tm=1269951406&.rand=7udnm61gbcj29
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163795320177
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Media Manager Indexer (MMIndexer) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5672 bytes

Re: Slow computer, I feel like I'm on dial up again please help me

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box & click OK:

    "%userprofile%\desktop\commy.exe" /stepdel

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Slow computer, I feel like I'm on dial up again please help me

ComboFix 10-04-01.02 - Chris 04/02/2010 14:51:06.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.194 [GMT -7:00]
Running from: c:\documents and settings\Chris\Desktop\commy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\AcAdProc.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-02 05:04 . 2010-04-02 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-27 13:13 . 2010-03-30 12:14 -------- d-----w- c:\program files\Rumo
2010-03-18 08:49 . 2010-03-18 08:51 -------- dc-h--w- c:\windows\ie8
2010-03-12 16:57 . 2010-03-12 16:59 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Temp
2010-03-12 16:31 . 2010-03-12 16:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-12 16:30 . 2009-03-02 22:00 95592 ----a-w- c:\windows\system32\drivers\StarPortLite.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 15:33 . 2007-01-21 11:27 -------- d-----w- c:\program files\Google
2010-04-02 05:08 . 2009-10-16 14:24 -------- d-----w- c:\program files\DivX
2010-04-02 05:07 . 2010-02-11 08:36 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-01 15:08 . 2010-01-13 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 11:55 . 2010-01-20 23:39 -------- d-----w- c:\program files\Trend Micro
2010-03-30 07:46 . 2010-01-13 20:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-01-13 20:09 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-18 09:03 . 2009-11-02 02:16 -------- d-----w- c:\program files\Graboid
2010-03-18 09:02 . 2009-03-19 04:39 -------- d-----w- c:\program files\RealArcade
2010-03-18 08:51 . 2008-12-14 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-18 08:51 . 2007-10-26 09:43 -------- d-----w- c:\program files\Yahoo!
2010-03-18 08:18 . 2010-01-25 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-25 06:24 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 17:16 . 2010-02-11 06:35 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-11 08:27 . 2010-02-11 08:26 -------- d-----w- c:\program files\Veoh Networks
2010-02-11 06:32 . 2008-10-22 17:48 -------- d-----w- c:\program files\Windows Defender
2010-02-05 07:54 . 2007-07-17 07:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-04 17:29 . 2009-06-28 04:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-04 17:28 . 2008-01-30 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-07 22:38 . 2010-01-07 22:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 22:38 . 2010-01-07 22:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-01-07 22:22 . 2009-09-02 07:28 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys
2009-10-16 19:11 . 2009-10-16 19:10 1536 -csha-w- c:\program files\ehthumbs.db
2006-12-12 19:33 . 2006-12-12 19:33 56 --sh--r- c:\windows\system32\0E91058025.sys
2007-07-24 08:02 . 2006-10-26 15:56 56 --sh--r- c:\windows\system32\11C6F2E73F.sys
2007-07-24 08:02 . 2006-10-26 15:56 3454 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-01-26 2633976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Introducing Media Manager.lnk]
backup=c:\windows\pss\Introducing Media Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
path=c:\documents and settings\Chris\Start Menu\Programs\Startup\LimeWire On Startup.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\First Principle Group]
2007-08-15 15:23 1802240 -c--a-w- c:\program files\First Principle Group\fpg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-07-13 20:00 28739 -c--a-w- c:\program files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-06-03 04:44 1660952 ----a-w- c:\program files\Messenger\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 06:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" -tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/12/2010 9:31 AM 721904]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [3/12/2010 9:30 AM 95592]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe --> c:\program files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [10/6/2004 10:39 AM 283904]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [10/4/2004 6:28 AM 43392]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [5/19/2009 10:40 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [5/19/2009 10:40 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [5/19/2009 10:40 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [5/19/2009 10:39 PM 10368]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 zgchsdiag;ZTE CDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgchsdiag.sys [2/24/2009 2:06 AM 105216]
S3 zgchsmdm;ZTE CDMA Handset USB Modem Proprietary;c:\windows\system32\drivers\zgchsmdm.sys [2/24/2009 2:06 AM 105216]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-04-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{CD1610B7-52EE-4D17-8807-655400EF8D00}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{FC64643E-3601-416C-A5AF-37C118D6D0E3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc630.mail.yahoo.com/mc/welcome?.gx=1&.tm=1269951406&.rand=7udnm61gbcj29
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
Trusted Zone: yahoo.com\login
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 15:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spsp.sys hal.dll >>UNKNOWN [0x831CA938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8679f28
\Driver\ACPI -> ACPI.sys @ 0xf83f3cb8
\Driver\atapi -> atapi.sys @ 0xf8388b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1072)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\UnToAnsi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2010-04-02 15:15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-02 22:15

Pre-Run: 123,460,210,688 bytes free
Post-Run: 124,225,998,848 bytes free

- - End Of File - - B8669E911F732C2BEFF2077CECDFA5C3

Re: Slow computer, I feel like I'm on dial up again please help me

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Slow computer, I feel like I'm on dial up again please help me

07:18:56:159 2328 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
07:18:56:159 2328 ================================================================================
07:18:56:159 2328 SystemInfo:

07:18:56:159 2328 OS Version: 5.1.2600 ServicePack: 3.0
07:18:56:159 2328 Product type: Workstation
07:18:56:159 2328 ComputerName: D4GJSZ81
07:18:56:159 2328 UserName: Chris
07:18:56:159 2328 Windows directory: C:\WINDOWS
07:18:56:159 2328 Processor architecture: Intel x86
07:18:56:159 2328 Number of processors: 2
07:18:56:159 2328 Page size: 0x1000
07:18:56:159 2328 Boot type: Normal boot
07:18:56:159 2328 ================================================================================
07:18:56:159 2328 UnloadDriverW: NtUnloadDriver error 2
07:18:56:159 2328 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
07:18:56:253 2328 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
07:18:56:253 2328 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
07:18:56:253 2328 wfopen_ex: Trying to KLMD file open
07:18:56:253 2328 wfopen_ex: File opened ok (Flags 2)
07:18:56:253 2328 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
07:18:56:253 2328 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
07:18:56:253 2328 wfopen_ex: Trying to KLMD file open
07:18:56:253 2328 wfopen_ex: File opened ok (Flags 2)
07:18:56:253 2328 Initialize success
07:18:56:253 2328
07:18:56:253 2328 Scanning Services ...
07:18:56:628 2328 Raw services enum returned 382 services
07:18:56:643 2328
07:18:56:643 2328 Scanning Kernel memory ...
07:18:56:643 2328 Devices to scan: 4
07:18:56:643 2328
07:18:56:643 2328 Driver Name: Disk
07:18:56:643 2328 IRP_MJ_CREATE : F867BBB0
07:18:56:643 2328 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:18:56:643 2328 IRP_MJ_CLOSE : F867BBB0
07:18:56:643 2328 IRP_MJ_READ : F8675D1F
07:18:56:643 2328 IRP_MJ_WRITE : F8675D1F
07:18:56:643 2328 IRP_MJ_QUERY_INFORMATION : 804F4562
07:18:56:643 2328 IRP_MJ_SET_INFORMATION : 804F4562
07:18:56:643 2328 IRP_MJ_QUERY_EA : 804F4562
07:18:56:643 2328 IRP_MJ_SET_EA : 804F4562
07:18:56:643 2328 IRP_MJ_FLUSH_BUFFERS : F86762E2
07:18:56:643 2328 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:18:56:643 2328 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:18:56:643 2328 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:18:56:643 2328 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:18:56:643 2328 IRP_MJ_DEVICE_CONTROL : F86763BB
07:18:56:643 2328 IRP_MJ_INTERNAL_DEVICE_CONTROL : F8679F28
07:18:56:643 2328 IRP_MJ_SHUTDOWN : F86762E2
07:18:56:643 2328 IRP_MJ_LOCK_CONTROL : 804F4562
07:18:56:643 2328 IRP_MJ_CLEANUP : 804F4562
07:18:56:643 2328 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:18:56:643 2328 IRP_MJ_QUERY_SECURITY : 804F4562
07:18:56:643 2328 IRP_MJ_SET_SECURITY : 804F4562
07:18:56:643 2328 IRP_MJ_POWER : F8677C82
07:18:56:643 2328 IRP_MJ_SYSTEM_CONTROL : F867C99E
07:18:56:643 2328 IRP_MJ_DEVICE_CHANGE : 804F4562
07:18:56:643 2328 IRP_MJ_QUERY_QUOTA : 804F4562
07:18:56:643 2328 IRP_MJ_SET_QUOTA : 804F4562
07:18:56:690 2328 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
07:18:56:690 2328
07:18:56:690 2328 Driver Name: Disk
07:18:56:690 2328 IRP_MJ_CREATE : F867BBB0
07:18:56:690 2328 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:18:56:690 2328 IRP_MJ_CLOSE : F867BBB0
07:18:56:690 2328 IRP_MJ_READ : F8675D1F
07:18:56:690 2328 IRP_MJ_WRITE : F8675D1F
07:18:56:690 2328 IRP_MJ_QUERY_INFORMATION : 804F4562
07:18:56:690 2328 IRP_MJ_SET_INFORMATION : 804F4562
07:18:56:690 2328 IRP_MJ_QUERY_EA : 804F4562
07:18:56:690 2328 IRP_MJ_SET_EA : 804F4562
07:18:56:690 2328 IRP_MJ_FLUSH_BUFFERS : F86762E2
07:18:56:690 2328 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:18:56:690 2328 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:18:56:690 2328 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:18:56:690 2328 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:18:56:690 2328 IRP_MJ_DEVICE_CONTROL : F86763BB
07:18:56:690 2328 IRP_MJ_INTERNAL_DEVICE_CONTROL : F8679F28
07:18:56:690 2328 IRP_MJ_SHUTDOWN : F86762E2
07:18:56:690 2328 IRP_MJ_LOCK_CONTROL : 804F4562
07:18:56:690 2328 IRP_MJ_CLEANUP : 804F4562
07:18:56:690 2328 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:18:56:690 2328 IRP_MJ_QUERY_SECURITY : 804F4562
07:18:56:690 2328 IRP_MJ_SET_SECURITY : 804F4562
07:18:56:690 2328 IRP_MJ_POWER : F8677C82
07:18:56:690 2328 IRP_MJ_SYSTEM_CONTROL : F867C99E
07:18:56:690 2328 IRP_MJ_DEVICE_CHANGE : 804F4562
07:18:56:690 2328 IRP_MJ_QUERY_QUOTA : 804F4562
07:18:56:690 2328 IRP_MJ_SET_QUOTA : 804F4562
07:18:56:706 2328 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
07:18:56:706 2328
07:18:56:706 2328 Driver Name: Disk
07:18:56:706 2328 IRP_MJ_CREATE : F867BBB0
07:18:56:706 2328 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:18:56:706 2328 IRP_MJ_CLOSE : F867BBB0
07:18:56:706 2328 IRP_MJ_READ : F8675D1F
07:18:56:706 2328 IRP_MJ_WRITE : F8675D1F
07:18:56:706 2328 IRP_MJ_QUERY_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_SET_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_EA : 804F4562
07:18:56:706 2328 IRP_MJ_SET_EA : 804F4562
07:18:56:706 2328 IRP_MJ_FLUSH_BUFFERS : F86762E2
07:18:56:706 2328 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:18:56:706 2328 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:18:56:706 2328 IRP_MJ_DEVICE_CONTROL : F86763BB
07:18:56:706 2328 IRP_MJ_INTERNAL_DEVICE_CONTROL : F8679F28
07:18:56:706 2328 IRP_MJ_SHUTDOWN : F86762E2
07:18:56:706 2328 IRP_MJ_LOCK_CONTROL : 804F4562
07:18:56:706 2328 IRP_MJ_CLEANUP : 804F4562
07:18:56:706 2328 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_SECURITY : 804F4562
07:18:56:706 2328 IRP_MJ_SET_SECURITY : 804F4562
07:18:56:706 2328 IRP_MJ_POWER : F8677C82
07:18:56:706 2328 IRP_MJ_SYSTEM_CONTROL : F867C99E
07:18:56:706 2328 IRP_MJ_DEVICE_CHANGE : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_QUOTA : 804F4562
07:18:56:706 2328 IRP_MJ_SET_QUOTA : 804F4562
07:18:56:706 2328 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
07:18:56:706 2328
07:18:56:706 2328 Driver Name: atapi
07:18:56:706 2328 IRP_MJ_CREATE : F8388B40
07:18:56:706 2328 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:18:56:706 2328 IRP_MJ_CLOSE : F8388B40
07:18:56:706 2328 IRP_MJ_READ : 804F4562
07:18:56:706 2328 IRP_MJ_WRITE : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_SET_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_EA : 804F4562
07:18:56:706 2328 IRP_MJ_SET_EA : 804F4562
07:18:56:706 2328 IRP_MJ_FLUSH_BUFFERS : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:18:56:706 2328 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:18:56:722 2328 IRP_MJ_DEVICE_CONTROL : F8388B40
07:18:56:722 2328 IRP_MJ_INTERNAL_DEVICE_CONTROL : F8388B40
07:18:56:722 2328 IRP_MJ_SHUTDOWN : 804F4562
07:18:56:722 2328 IRP_MJ_LOCK_CONTROL : 804F4562
07:18:56:722 2328 IRP_MJ_CLEANUP : 804F4562
07:18:56:722 2328 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:18:56:722 2328 IRP_MJ_QUERY_SECURITY : 804F4562
07:18:56:722 2328 IRP_MJ_SET_SECURITY : 804F4562
07:18:56:722 2328 IRP_MJ_POWER : F8388B40
07:18:56:722 2328 IRP_MJ_SYSTEM_CONTROL : F8388B40
07:18:56:722 2328 IRP_MJ_DEVICE_CHANGE : 804F4562
07:18:56:722 2328 IRP_MJ_QUERY_QUOTA : 804F4562
07:18:56:722 2328 IRP_MJ_SET_QUOTA : 804F4562
07:18:56:737 2328 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
07:18:56:737 2328
07:18:56:737 2328 Completed
07:18:56:737 2328
07:18:56:737 2328 Results:
07:18:56:737 2328 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
07:18:56:737 2328 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
07:18:56:737 2328 File objects infected / cured / cured on reboot: 0 / 0 / 0
07:18:56:737 2328
07:18:56:737 2328 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
07:18:56:737 2328 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
07:18:56:737 2328 KLMD(ARK) unloaded successfully

Re: Slow computer, I feel like I'm on dial up again please help me

We need to do some diagnostics.

1. Please download Profiles by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply


2. Download Win32kDiag by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)


Thanks! Smile...

Re: Slow computer, I feel like I'm on dial up again please help me

07:18:56:159 2328 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
07:18:56:159 2328 ================================================================================
07:18:56:159 2328 SystemInfo:

07:18:56:159 2328 OS Version: 5.1.2600 ServicePack: 3.0
07:18:56:159 2328 Product type: Workstation
07:18:56:159 2328 ComputerName: D4GJSZ81
07:18:56:159 2328 UserName: Chris
07:18:56:159 2328 Windows directory: C:\WINDOWS
07:18:56:159 2328 Processor architecture: Intel x86
07:18:56:159 2328 Number of processors: 2
07:18:56:159 2328 Page size: 0x1000
07:18:56:159 2328 Boot type: Normal boot
07:18:56:159 2328 ================================================================================
07:18:56:159 2328 UnloadDriverW: NtUnloadDriver error 2
07:18:56:159 2328 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
07:18:56:253 2328 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
07:18:56:253 2328 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
07:18:56:253 2328 wfopen_ex: Trying to KLMD file open
07:18:56:253 2328 wfopen_ex: File opened ok (Flags 2)
07:18:56:253 2328 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
07:18:56:253 2328 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
07:18:56:253 2328 wfopen_ex: Trying to KLMD file open
07:18:56:253 2328 wfopen_ex: File opened ok (Flags 2)
07:18:56:253 2328 Initialize success
07:18:56:253 2328
07:18:56:253 2328 Scanning Services ...
07:18:56:628 2328 Raw services enum returned 382 services
07:18:56:643 2328
07:18:56:643 2328 Scanning Kernel memory ...
07:18:56:643 2328 Devices to scan: 4
07:18:56:643 2328
07:18:56:643 2328 Driver Name: Disk
07:18:56:643 2328 IRP_MJ_CREATE : F867BBB0
07:18:56:643 2328 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:18:56:643 2328 IRP_MJ_CLOSE : F867BBB0
07:18:56:643 2328 IRP_MJ_READ : F8675D1F
07:18:56:643 2328 IRP_MJ_WRITE : F8675D1F
07:18:56:643 2328 IRP_MJ_QUERY_INFORMATION : 804F4562
07:18:56:643 2328 IRP_MJ_SET_INFORMATION : 804F4562
07:18:56:643 2328 IRP_MJ_QUERY_EA : 804F4562
07:18:56:643 2328 IRP_MJ_SET_EA : 804F4562
07:18:56:643 2328 IRP_MJ_FLUSH_BUFFERS : F86762E2
07:18:56:643 2328 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:18:56:643 2328 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:18:56:643 2328 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:18:56:643 2328 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:18:56:643 2328 IRP_MJ_DEVICE_CONTROL : F86763BB
07:18:56:643 2328 IRP_MJ_INTERNAL_DEVICE_CONTROL : F8679F28
07:18:56:643 2328 IRP_MJ_SHUTDOWN : F86762E2
07:18:56:643 2328 IRP_MJ_LOCK_CONTROL : 804F4562
07:18:56:643 2328 IRP_MJ_CLEANUP : 804F4562
07:18:56:643 2328 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:18:56:643 2328 IRP_MJ_QUERY_SECURITY : 804F4562
07:18:56:643 2328 IRP_MJ_SET_SECURITY : 804F4562
07:18:56:643 2328 IRP_MJ_POWER : F8677C82
07:18:56:643 2328 IRP_MJ_SYSTEM_CONTROL : F867C99E
07:18:56:643 2328 IRP_MJ_DEVICE_CHANGE : 804F4562
07:18:56:643 2328 IRP_MJ_QUERY_QUOTA : 804F4562
07:18:56:643 2328 IRP_MJ_SET_QUOTA : 804F4562
07:18:56:690 2328 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
07:18:56:690 2328
07:18:56:690 2328 Driver Name: Disk
07:18:56:690 2328 IRP_MJ_CREATE : F867BBB0
07:18:56:690 2328 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:18:56:690 2328 IRP_MJ_CLOSE : F867BBB0
07:18:56:690 2328 IRP_MJ_READ : F8675D1F
07:18:56:690 2328 IRP_MJ_WRITE : F8675D1F
07:18:56:690 2328 IRP_MJ_QUERY_INFORMATION : 804F4562
07:18:56:690 2328 IRP_MJ_SET_INFORMATION : 804F4562
07:18:56:690 2328 IRP_MJ_QUERY_EA : 804F4562
07:18:56:690 2328 IRP_MJ_SET_EA : 804F4562
07:18:56:690 2328 IRP_MJ_FLUSH_BUFFERS : F86762E2
07:18:56:690 2328 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:18:56:690 2328 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:18:56:690 2328 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:18:56:690 2328 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:18:56:690 2328 IRP_MJ_DEVICE_CONTROL : F86763BB
07:18:56:690 2328 IRP_MJ_INTERNAL_DEVICE_CONTROL : F8679F28
07:18:56:690 2328 IRP_MJ_SHUTDOWN : F86762E2
07:18:56:690 2328 IRP_MJ_LOCK_CONTROL : 804F4562
07:18:56:690 2328 IRP_MJ_CLEANUP : 804F4562
07:18:56:690 2328 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:18:56:690 2328 IRP_MJ_QUERY_SECURITY : 804F4562
07:18:56:690 2328 IRP_MJ_SET_SECURITY : 804F4562
07:18:56:690 2328 IRP_MJ_POWER : F8677C82
07:18:56:690 2328 IRP_MJ_SYSTEM_CONTROL : F867C99E
07:18:56:690 2328 IRP_MJ_DEVICE_CHANGE : 804F4562
07:18:56:690 2328 IRP_MJ_QUERY_QUOTA : 804F4562
07:18:56:690 2328 IRP_MJ_SET_QUOTA : 804F4562
07:18:56:706 2328 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
07:18:56:706 2328
07:18:56:706 2328 Driver Name: Disk
07:18:56:706 2328 IRP_MJ_CREATE : F867BBB0
07:18:56:706 2328 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:18:56:706 2328 IRP_MJ_CLOSE : F867BBB0
07:18:56:706 2328 IRP_MJ_READ : F8675D1F
07:18:56:706 2328 IRP_MJ_WRITE : F8675D1F
07:18:56:706 2328 IRP_MJ_QUERY_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_SET_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_EA : 804F4562
07:18:56:706 2328 IRP_MJ_SET_EA : 804F4562
07:18:56:706 2328 IRP_MJ_FLUSH_BUFFERS : F86762E2
07:18:56:706 2328 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:18:56:706 2328 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:18:56:706 2328 IRP_MJ_DEVICE_CONTROL : F86763BB
07:18:56:706 2328 IRP_MJ_INTERNAL_DEVICE_CONTROL : F8679F28
07:18:56:706 2328 IRP_MJ_SHUTDOWN : F86762E2
07:18:56:706 2328 IRP_MJ_LOCK_CONTROL : 804F4562
07:18:56:706 2328 IRP_MJ_CLEANUP : 804F4562
07:18:56:706 2328 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_SECURITY : 804F4562
07:18:56:706 2328 IRP_MJ_SET_SECURITY : 804F4562
07:18:56:706 2328 IRP_MJ_POWER : F8677C82
07:18:56:706 2328 IRP_MJ_SYSTEM_CONTROL : F867C99E
07:18:56:706 2328 IRP_MJ_DEVICE_CHANGE : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_QUOTA : 804F4562
07:18:56:706 2328 IRP_MJ_SET_QUOTA : 804F4562
07:18:56:706 2328 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
07:18:56:706 2328
07:18:56:706 2328 Driver Name: atapi
07:18:56:706 2328 IRP_MJ_CREATE : F8388B40
07:18:56:706 2328 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:18:56:706 2328 IRP_MJ_CLOSE : F8388B40
07:18:56:706 2328 IRP_MJ_READ : 804F4562
07:18:56:706 2328 IRP_MJ_WRITE : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_SET_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_EA : 804F4562
07:18:56:706 2328 IRP_MJ_SET_EA : 804F4562
07:18:56:706 2328 IRP_MJ_FLUSH_BUFFERS : 804F4562
07:18:56:706 2328 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:18:56:706 2328 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:18:56:706 2328 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:18:56:722 2328 IRP_MJ_DEVICE_CONTROL : F8388B40
07:18:56:722 2328 IRP_MJ_INTERNAL_DEVICE_CONTROL : F8388B40
07:18:56:722 2328 IRP_MJ_SHUTDOWN : 804F4562
07:18:56:722 2328 IRP_MJ_LOCK_CONTROL : 804F4562
07:18:56:722 2328 IRP_MJ_CLEANUP : 804F4562
07:18:56:722 2328 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:18:56:722 2328 IRP_MJ_QUERY_SECURITY : 804F4562
07:18:56:722 2328 IRP_MJ_SET_SECURITY : 804F4562
07:18:56:722 2328 IRP_MJ_POWER : F8388B40
07:18:56:722 2328 IRP_MJ_SYSTEM_CONTROL : F8388B40
07:18:56:722 2328 IRP_MJ_DEVICE_CHANGE : 804F4562
07:18:56:722 2328 IRP_MJ_QUERY_QUOTA : 804F4562
07:18:56:722 2328 IRP_MJ_SET_QUOTA : 804F4562
07:18:56:737 2328 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
07:18:56:737 2328
07:18:56:737 2328 Completed
07:18:56:737 2328
07:18:56:737 2328 Results:
07:18:56:737 2328 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
07:18:56:737 2328 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
07:18:56:737 2328 File objects infected / cured / cured on reboot: 0 / 0 / 0
07:18:56:737 2328
07:18:56:737 2328 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
07:18:56:737 2328 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
07:18:56:737 2328 KLMD(ARK) unloaded successfully




Running from: C:\Documents and Settings\Chris\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Chris\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\system32\drivers\etc\Hosts.bak

[1] 2008-09-28 00:23:12 266419 C:\WINDOWS\system32\drivers\etc\Hosts.bak ()



Cannot access: C:\WINDOWS\system32\drivers\gbgppprj.dat

[1] 2007-12-06 17:50:52 19456 C:\WINDOWS\system32\drivers\gbgppprj.dat ()





Finished!

Re: Slow computer, I feel like I'm on dial up again please help me

  • Please go to VirSCAN.org FREE on-line scan service

  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\system32\drivers\gbgppprj.dat

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Re: Slow computer, I feel like I'm on dial up again please help me

I went to the site you suggested but it won't let me enter anything in the box.

Re: Slow computer, I feel like I'm on dial up again please help me

Try to browse for the file. Will that work?

Re: Slow computer, I feel like I'm on dial up again please help me

I am so sorry I lost the reply box for my original question. You had suggested that I pull up a program called "Virscan" or something like that, but when I did, I couldn't type or cut/paste anything into the suspicious files box, so you said to look up the file with my browser. When I did that, it brought up "Combofix", nothing else... So, I ran that and the log file follows.

I also looked at the running processes because I wanted to know what was running that was making my pc so slow. I'll be honest... I don't know what I was looking at but I noticed that ixplore.exe and explorer.exe were using a lot of memory and that svchost.exe was listed several times... not using as much memory, but I had to wonder why.

One more thing... on my list of startup programs, I looked each one up to see if it was necessary to have it automatically start and found Qtask, MSMSGS and FPG all listed as viruses. I am not sure what to do about that.

Thank you for being so helpful...




ComboFix 10-04-10.02 - Chris 04/11/2010 13:23:52.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.218 [GMT -7:00]
Running from: c:\documents and settings\Chris\Desktop\commy.exe
.

((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-11 02:48 . 2010-04-11 02:51 -------- d-----w- C:\commy31802c
2010-04-05 05:33 . 2001-08-18 05:36 99328 ----a-w- c:\windows\system32\srusd.dll
2010-04-05 05:33 . 2001-08-18 05:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-04-05 05:33 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-04-05 05:33 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-04-05 05:33 . 2001-08-18 05:36 71680 ----a-w- c:\windows\system32\fnfilter.dll
2010-04-05 05:33 . 2001-08-18 05:36 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-04-03 14:16 . 2010-04-03 14:16 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\WinZip
2010-04-02 21:47 . 2010-04-02 22:15 -------- d-----w- C:\commy1608c
2010-04-02 05:04 . 2010-04-03 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-27 13:13 . 2010-03-30 12:14 -------- d-----w- c:\program files\Rumo
2010-03-18 08:49 . 2010-03-18 08:51 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 07:45 . 2005-12-11 16:57 -------- d-----w- c:\program files\Common Files\Java
2010-04-11 07:43 . 2009-05-20 04:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-03 23:36 . 2010-02-11 08:26 -------- d-----w- c:\program files\Veoh Networks
2010-04-03 20:41 . 2009-10-16 14:24 -------- d-----w- c:\program files\DivX
2010-04-03 14:16 . 2009-06-06 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-04-02 15:33 . 2007-01-21 11:27 -------- d-----w- c:\program files\Google
2010-04-02 05:04 . 2010-04-02 05:19 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-30 11:55 . 2010-01-20 23:39 -------- d-----w- c:\program files\Trend Micro
2010-03-18 09:03 . 2009-11-02 02:16 -------- d-----w- c:\program files\Graboid
2010-03-18 09:02 . 2009-03-19 04:39 -------- d-----w- c:\program files\RealArcade
2010-03-18 08:51 . 2008-12-14 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-18 08:51 . 2007-10-26 09:43 -------- d-----w- c:\program files\Yahoo!
2010-03-18 08:18 . 2010-01-25 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-16 17:05 . 2010-03-16 17:05 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-03-12 16:31 . 2010-03-12 16:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-25 06:24 . 2005-08-16 10:18 916480 ------w- c:\windows\system32\wininet.dll
2010-02-24 17:16 . 2010-02-11 06:35 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-11 06:32 . 2008-10-22 17:48 -------- d-----w- c:\program files\Windows Defender
2009-10-16 19:11 . 2009-10-16 19:10 1536 -csha-w- c:\program files\ehthumbs.db
2006-12-12 19:33 . 2006-12-12 19:33 56 --sh--r- c:\windows\system32\0E91058025.sys
2007-07-24 08:02 . 2006-10-26 15:56 56 --sh--r- c:\windows\system32\11C6F2E73F.sys
2007-07-24 08:02 . 2006-10-26 15:56 3454 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-11_03.04.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-11 07:44 . 2010-04-11 07:44 16384 c:\windows\temp\Perflib_Perfdata_c0c.dat
+ 2010-04-11 07:44 . 2010-04-11 07:43 153376 c:\windows\system32\javaws.exe
+ 2010-04-11 07:44 . 2010-04-11 07:43 145184 c:\windows\system32\javaw.exe
+ 2010-04-11 07:44 . 2010-04-11 07:43 145184 c:\windows\system32\java.exe
+ 2010-04-11 07:45 . 2010-04-11 07:45 180224 c:\windows\Installer\10cb75a.msi
+ 2010-04-11 07:43 . 2010-04-11 07:43 576000 c:\windows\Installer\10cb755.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Introducing Media Manager.lnk]
backup=c:\windows\pss\Introducing Media Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
path=c:\documents and settings\Chris\Start Menu\Programs\Startup\LimeWire On Startup.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 09:01 437160 -c--a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\First Principle Group]
2007-08-15 15:23 1802240 -c--a-w- c:\program files\First Principle Group\fpg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 22:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 22:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 22:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-07-13 20:00 28739 -c--a-w- c:\program files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-06-03 04:44 1660952 ----a-w- c:\program files\Messenger\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 06:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 22:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" -tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=

R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [3/12/2010 9:30 AM 95592]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/12/2010 9:31 AM 721904]
S2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe --> c:\program files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [10/6/2004 10:39 AM 283904]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [10/4/2004 6:28 AM 43392]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [5/19/2009 10:40 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [5/19/2009 10:40 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [5/19/2009 10:40 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [5/19/2009 10:39 PM 10368]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 zgchsdiag;ZTE CDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgchsdiag.sys [2/24/2009 2:06 AM 105216]
S3 zgchsmdm;ZTE CDMA Handset USB Modem Proprietary;c:\windows\system32\drivers\zgchsmdm.sys [2/24/2009 2:06 AM 105216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-04-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]

2010-04-11 c:\windows\Tasks\User_Feed_Synchronization-{CD1610B7-52EE-4D17-8807-655400EF8D00}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

2010-04-11 c:\windows\Tasks\User_Feed_Synchronization-{FC64643E-3601-416C-A5AF-37C118D6D0E3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc630.mail.yahoo.com/mc/welcome?.gx=1&.tm=1269951406&.rand=7udnm61gbcj29
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
Trusted Zone: yahoo.com\login
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 13:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4376)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-11 13:39:56
ComboFix-quarantined-files.txt 2010-04-11 20:39
ComboFix2.txt 2010-04-11 03:11
ComboFix3.txt 2010-04-02 22:15

Pre-Run: 125,202,808,832 bytes free
Post-Run: 125,166,325,760 bytes free

- - End Of File - - 9319915D4BFE9FFCBA4E4660F9278B86

Re: Slow computer, I feel like I'm on dial up again please help me

Hi

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

Re: Slow computer, I feel like I'm on dial up again please help me

I did as you said, and I saved the logs. I tried to post them in the reply but even sending them one at a time... it said the posted message is too long.

Re: Slow computer, I feel like I'm on dial up again please help me

OTL Extras logfile created on: 4/12/2010 12:50:25 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 333.00 Mb Available Physical Memory | 66.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.34 Gb Total Space | 116.59 Gb Free Space | 80.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4GJSZ81
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Office2K\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Office2K\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"9999:TCP" = 9999:TCP:LocalSubNet:Enabled:DNA
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}" = SPCP825 USB to UART Bridge Driver Installer
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AEEB3643-71DE-414d-9E3F-1159177FE211}" = Office Animation Runtime
"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E44702-21F5-4918-B8A3-6D126D5BD33C}" = Windows Messenger 5.1
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PhotoDeluxe Home Edition 4.0" = Adobe PhotoDeluxe Home Edition 4.0
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Equilibria" = Equilibria
"FoneSync" = FoneSync
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Inline Search" = Inline Search v1.3 for Internet Explorer (remove only)
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Kazoo Player" = Kazoo Player
"Mahjongg Master 4" = Mahjongg Master 4
"Media Manager 1.5" = Microsoft Media Manager 1.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MS Access 97 SP2" = MS Access 97 SP2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Pirate Poppers" = Pirate Poppers
"Plant Tycoon" = Plant Tycoon
"Poppit! To Go" = Poppit! To Go
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuickTime 3.0" = QuickTime 3.0
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7h
"Solitaire Master 3" = Solitaire Master 3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Zune" = Zune

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/10/2010 1:55:29 AM | Computer Name = D4GJSZ81 | Source = Application Hang | ID = 1001
Description = Fault bucket 314144541.

Error - 4/10/2010 1:00:47 PM | Computer Name = D4GJSZ81 | Source = NativeWrapper | ID = 5000
Description =

Error - 4/10/2010 5:21:45 PM | Computer Name = D4GJSZ81 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2010 6:58:47 PM | Computer Name = D4GJSZ81 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 4/10/2010 10:36:57 PM | Computer Name = D4GJSZ81 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 4/10/2010 10:51:21 PM | Computer Name = D4GJSZ81 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: D4GJSZ81\Chris Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 4/10/2010 10:51:21 PM | Computer Name = D4GJSZ81 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: D4GJSZ81\Chris Checkpoint ID: 1 Error Code: 0x8000ffff Error
description: Catastrophic failure

Error - 4/11/2010 1:02:01 PM | Computer Name = D4GJSZ81 | Source = NativeWrapper | ID = 5000
Description =

Error - 4/11/2010 4:57:16 PM | Computer Name = D4GJSZ81 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 4/11/2010 7:39:35 PM | Computer Name = D4GJSZ81 | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 4/10/2010 10:50:22 PM | Computer Name = D4GJSZ81 | Source = Service Control Manager | ID = 7000
Description = The BrSplService service failed to start due to the following error:
%%2

Error - 4/10/2010 10:50:22 PM | Computer Name = D4GJSZ81 | Source = Service Control Manager | ID = 7000
Description = The Media Manager Indexer service failed to start due to the following
error: %%2

Error - 4/10/2010 10:50:22 PM | Computer Name = D4GJSZ81 | Source = Service Control Manager | ID = 7000
Description = The Net.Tcp Port Sharing Service service failed to start due to the
following error: %%2

Error - 4/10/2010 10:50:23 PM | Computer Name = D4GJSZ81 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BootScreen

Error - 4/11/2010 1:02:50 PM | Computer Name = D4GJSZ81 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 4/11/2010 7:39:37 PM | Computer Name = D4GJSZ81 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 4/12/2010 1:31:28 AM | Computer Name = D4GJSZ81 | Source = Service Control Manager | ID = 7000
Description = The BrSplService service failed to start due to the following error:
%%2

Error - 4/12/2010 1:31:28 AM | Computer Name = D4GJSZ81 | Source = Service Control Manager | ID = 7000
Description = The Media Manager Indexer service failed to start due to the following
error: %%2

Error - 4/12/2010 1:31:28 AM | Computer Name = D4GJSZ81 | Source = Service Control Manager | ID = 7000
Description = The Net.Tcp Port Sharing Service service failed to start due to the
following error: %%2

Error - 4/12/2010 1:31:30 AM | Computer Name = D4GJSZ81 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BootScreen


< End of report >

Re: Slow computer, I feel like I'm on dial up again please help me

Here is part of the OTL txt.


OTL logfile created on: 4/12/2010 12:50:25 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 333.00 Mb Available Physical Memory | 66.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.34 Gb Total Space | 116.59 Gb Free Space | 80.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4GJSZ81
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/12 00:48:37 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2010/04/12 00:48:37 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [Auto | Stopped] -- -- (MMIndexer)
SRV - File not found [Auto | Stopped] -- -- (Brother XP spl Service)
SRV - [2010/01/07 15:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 15:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/28 18:02:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/03/12 09:31:09 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/01/07 15:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/03/02 15:00:46 | 000,095,592 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
DRV - [2009/02/24 02:06:28 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgchsmdm.sys -- (zgchsmdm)
DRV - [2009/02/24 02:06:28 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgchsdiag.sys -- (zgchsdiag)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/11/18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/10 11:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/11/07 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/20 18:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (drvmcdb)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (drvnddm)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/10/06 10:39:14 | 000,283,904 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2004/10/04 06:28:38 | 000,043,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/12/19 20:15:50 | 000,015,263 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 000,060,416 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc630.mail.yahoo.com/mc/welcome?.gx=1&.tm=1269951406&.rand=7udnm61gbcj29
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local


[2009/06/10 08:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2009/06/10 08:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/04/02 15:05:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163795320177 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://virscan.org/images/load/1.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 03:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Introducing Media Manager.lnk - C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Chris^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\PROGRA~1\LimeWire\LimeWire.exe - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DWQueuedReporting - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: First Principle Group - hkey= - key= - C:\Program Files\First Principle Group\fpg.exe (First Principle Group)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= - C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft®️ Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: YSearchProtection - hkey= - key= - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Reg Error: Value error.
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - Reg Error: Value error.
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Reg Error: Value error.
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{64A10DCF-7FF1-4600-9824-DE0BCC2AA72E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/12 00:48:28 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/11 00:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/11 00:44:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/11 00:44:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/11 00:44:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/11 00:44:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/10 20:11:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/10 19:48:27 | 000,000,000 | ---D | C] -- C:\commy31802c
[2010/04/04 22:33:51 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srusd.dll
[2010/04/04 22:33:51 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2010/04/04 22:33:47 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/04/04 22:33:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fnfilter.dll
[2010/04/04 22:33:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2010/04/03 07:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\WinZip
[2010/04/02 14:49:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/02 14:49:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/02 14:49:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/02 14:49:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/02 14:47:53 | 000,000,000 | ---D | C] -- C:\commy1608c
[2010/04/02 14:47:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/01 22:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/03/27 06:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Rumo
[2010/03/18 01:49:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/25 10:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/25 06:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/06/13 16:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/06/13 06:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2009/05/03 14:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/24 22:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/06 21:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/10/01 06:51:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/08/16 03:30:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2003/12/09 14:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/12 00:53:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC64643E-3601-416C-A5AF-37C118D6D0E3}.job
[2010/04/12 00:50:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CD1610B7-52EE-4D17-8807-655400EF8D00}.job
[2010/04/12 00:48:37 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/11 22:34:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/11 22:33:46 | 000,001,310 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Facebook.url
[2010/04/11 22:31:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/11 22:31:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/11 22:31:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/11 22:31:07 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/11 16:38:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2010/04/11 16:38:58 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\Chris\ntuser.dat
[2010/04/11 13:34:20 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/11 00:43:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/11 00:43:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/11 00:43:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/11 00:43:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/11 00:43:46 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/10 19:52:01 | 000,001,125 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/10 19:52:01 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/04/10 19:51:10 | 003,911,676 | R--- | M] () -- C:\Documents and Settings\Chris\Desktop\commy.exe
[2010/04/07 21:35:46 | 008,118,134 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2010/04/03 22:11:51 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Microsoft Word.lnk
[2010/04/03 20:12:54 | 000,147,832 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\profiles.exe
[2010/04/02 15:05:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/18 10:09:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/14 19:31:32 | 000,527,182 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 19:31:32 | 000,444,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 19:31:32 | 000,072,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

Re: Slow computer, I feel like I'm on dial up again please help me

Here is the second part of the OTL txt.


========== Files Created - No Company Name ==========

[2010/04/03 20:12:54 | 000,147,832 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\profiles.exe
[2010/04/02 14:49:43 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/02 14:49:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/02 14:49:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/02 14:49:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/02 14:49:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/02 14:43:57 | 003,911,676 | R--- | C] () -- C:\Documents and Settings\Chris\Desktop\commy.exe
[2010/03/23 14:01:18 | 000,001,310 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Facebook.url
[2010/03/12 09:31:08 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/23 00:54:28 | 000,000,256 | R--- | C] () -- C:\Documents and Settings\Chris\BRMSI04.BIN
[2009/12/20 11:00:17 | 011,534,336 | ---- | C] () -- C:\Documents and Settings\Chris\ntuser.dat
[2009/10/16 12:10:47 | 000,001,536 | -HS- | C] () -- C:\Program Files\ehthumbs.db
[2009/10/16 12:08:10 | 000,001,536 | -HS- | C] () -- C:\Documents and Settings\All Users\ehthumbs.db
[2009/10/16 02:55:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2009/09/04 19:03:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2009/07/22 16:53:27 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/10 22:19:43 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/10 22:19:43 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/20 13:12:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/20 13:12:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/13 05:57:31 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/06/09 08:19:42 | 000,299,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/06/06 15:19:07 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/06 15:19:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/06 15:19:06 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/19 22:39:27 | 000,000,390 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2009/05/12 20:40:21 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Mahjongg Variations.INI
[2008/10/24 17:52:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/07/19 15:59:46 | 000,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
[2008/05/10 02:47:44 | 000,000,048 | ---- | C] () -- C:\WINDOWS\Hypnosis.ini
[2008/03/28 06:46:59 | 000,001,458 | ---- | C] () -- C:\WINDOWS\FiveCardFrenzy.ini
[2008/03/17 13:33:06 | 000,000,136 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/06 07:19:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pool.INI
[2008/01/20 23:53:50 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\acmeinc.ini
[2008/01/20 23:53:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\vxdtgm.ini
[2008/01/01 22:42:44 | 000,000,048 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/12/28 22:49:25 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/12/17 03:52:08 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/12/17 03:52:08 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/12/02 21:12:20 | 000,000,092 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/12/02 21:11:28 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2007/11/19 18:48:23 | 000,000,514 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/11/16 00:36:40 | 000,000,976 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2007/10/20 23:47:06 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2007/10/20 23:47:06 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2007/10/20 23:47:06 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2007/10/20 23:47:06 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2007/10/20 23:46:52 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/10/13 23:42:35 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Tetris.ini
[2007/10/13 20:54:54 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TZAPCOM.INI
[2007/10/05 12:48:49 | 000,000,080 | ---- | C] () -- C:\WINDOWS\fpg.INI
[2007/09/30 11:40:04 | 000,006,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/18 22:16:00 | 000,000,767 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/09/17 16:48:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/09/07 01:48:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
[2007/09/06 16:47:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/02 20:15:27 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2007/08/22 23:16:34 | 000,123,888 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/07/20 22:52:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/12/12 12:33:37 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0E91058025.sys
[2006/12/11 00:13:45 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2006/11/17 13:23:20 | 000,000,793 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/11/17 00:26:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\NULL
[2006/10/26 08:56:48 | 000,003,454 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/26 08:56:48 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\11C6F2E73F.sys
[2006/10/14 20:57:35 | 000,000,583 | ---- | C] () -- C:\WINDOWS\Q3TA.INI
[2006/10/13 16:46:31 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\PFP120JPR.{PB
[2006/10/13 16:46:31 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\PFP120JCM.{PB
[2006/10/11 10:49:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/27 11:04:22 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Chris\ntuser.dat.LOG
[2006/08/27 11:04:22 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Chris\ntuser.ini
[2006/08/27 11:04:04 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/08/27 11:04:04 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/07/07 12:30:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2005/12/11 10:12:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/11 10:04:26 | 000,000,592 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/11 09:41:50 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2005/12/11 09:41:14 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/03/09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/03/12 09:31:09 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2005/08/16 03:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 03:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 03:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2006/12/12 12:33:37 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\system32\0E91058025.sys
[2007/07/24 01:02:46 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\system32\11C6F2E73F.sys
[2004/08/10 04:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/10 04:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[1999/11/05 14:18:58 | 000,007,808 | ---- | M] () -- C:\WINDOWS\system32\dc240u.sys
[2004/06/09 09:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys
[1999/11/05 14:19:00 | 000,065,864 | ---- | M] () -- C:\WINDOWS\system32\Digita.sys
[2005/03/13 15:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2005/02/08 11:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys
[2004/06/15 15:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2004/08/10 04:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2005/09/20 18:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\iviaspi.sys
[2004/08/10 04:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 04:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2007/07/24 01:02:46 | 000,003,454 | -HS- | M] () -- C:\WINDOWS\system32\KGyGaAvL.sys
[2004/08/10 04:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 04:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 04:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 04:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 04:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 04:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 04:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 04:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 06:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2004/01/14 12:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ZDPNDIS5.SYS

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/09/29 19:00:52 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/10/11 10:43:15 | 000,000,276 | ---- | M] () -- C:\BDELog.txt
[2010/01/15 23:35:01 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/04/10 19:52:01 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/01/15 23:12:39 | 000,000,013 | -H-- | M] () -- C:\cmsstorage.lst
[2010/04/11 13:39:57 | 000,014,329 | ---- | M] () -- C:\ComboFix.txt
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/11/04 19:14:26 | 000,066,052 | ---- | M] () -- C:\consoledebug.txt
[2009/01/23 07:55:22 | 000,000,710 | ---- | M] () -- C:\coredw.log
[2009/03/30 22:54:01 | 000,000,000 | ---- | M] () -- C:\data.cph
[2009/01/23 07:55:23 | 000,000,466 | ---- | M] () -- C:\datawriter.log
[2005/12/11 09:44:30 | 000,005,657 | RH-- | M] () -- C:\dell.sdr
[2008/05/28 20:34:16 | 000,000,097 | ---- | M] () -- C:\DownloadLog.txt
[2008/01/26 04:42:45 | 000,007,667 | ---- | M] () -- C:\DTLog.txt
[2009/10/16 11:48:54 | 001,912,320 | -HS- | M] () -- C:\ehthumbs.db
[2009/06/27 17:04:32 | 000,000,153 | ---- | M] () -- C:\EventLOG.txt
[2007/12/27 09:29:31 | 000,000,016 | ---- | M] () -- C:\h.txt
[2010/04/11 22:31:07 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys
[2008/05/08 16:35:14 | 000,000,752 | ---- | M] () -- C:\hpfr3420.log
[2008/08/29 12:48:24 | 000,000,527 | ---- | M] () -- C:\hpfr3420.xml
[2008/08/29 12:48:24 | 000,277,012 | ---- | M] () -- C:\hpfr3425.log
[2006/08/27 19:14:43 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/06/07 15:47:30 | 000,000,424 | ---- | M] () -- C:\INSTALL.LOG
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/03/14 04:00:00 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2005/12/11 10:04:14 | 000,000,839 | -H-- | M] () -- C:\IPH.PH
[2008/03/31 06:43:26 | 000,000,218 | -H-- | M] () -- C:\l81.i
[2009/12/13 17:11:46 | 000,000,005 | ---- | M] () -- C:\lcl.txt
[2010/04/01 08:08:56 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/05 20:27:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/16 01:00:59 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/01/25 11:07:49 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/04/11 22:31:06 | 789,696,512 | -HS- | M] () -- C:\pagefile.sys
[2008/03/01 18:13:20 | 000,038,484 | ---- | M] () -- C:\playground.log
[2009/10/16 11:46:20 | 000,000,189 | ---- | M] () -- C:\Shortcut (2) to CD Drive.lnk
[2008/05/14 07:30:30 | 000,000,145 | ---- | M] () -- C:\Shortcut to CD Drive.lnk
[2005/10/31 08:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2005/12/11 10:04:24 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2008/03/31 06:43:26 | 000,000,218 | -H-- | M] () -- C:\t8101.le
[2010/04/03 07:18:56 | 000,019,456 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_03.04.2010_07.18.56_log.txt
[2010/04/03 07:19:26 | 000,019,456 | ---- | M] () -- C:\TDSSKiller.txt
[2008/06/03 14:46:14 | 000,005,384 | ---- | M] () -- C:\tv3d_debug.txt
[2006/11/17 10:09:31 | 000,002,824 | -HS- | M] () -- C:\vm404.log
[2009/07/21 18:46:43 | 000,058,368 | ---- | M] () -- C:\wonderland doc 1.doc
[2009/07/21 18:48:38 | 000,066,048 | ---- | M] () -- C:\wonderland doc2.doc
[2009/04/25 00:13:22 | 001,054,728 | ---- | M] () -- C:\www.yahoo.htm
[2007/11/27 16:48:43 | 000,001,167 | ---- | M] () -- C:\_Sid.txt

< %PROGRAMFILES%\*. >
[2010/01/17 14:04:03 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/01/16 00:30:02 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2009/06/27 04:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/04/11 13:31:30 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/08/16 03:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/03/14 03:51:22 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2009/06/20 13:11:52 | 000,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2005/12/11 10:01:18 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/04/03 13:41:30 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2007/10/23 14:37:14 | 000,000,000 | ---D | M] -- C:\Program Files\eGames
[2007/10/05 13:09:18 | 000,000,000 | ---D | M] -- C:\Program Files\First Principle Group
[2007/09/06 16:42:37 | 000,000,000 | ---D | M] -- C:\Program Files\FoneSync
[2008/12/25 15:40:56 | 000,000,000 | ---D | M] -- C:\Program Files\GameFiesta
[2008/07/01 11:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\GameHouse(2)
[2010/04/02 08:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/03/18 02:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
[2007/07/25 06:55:22 | 000,000,000 | ---D | M] -- C:\Program Files\Greedy Words
[2007/10/23 21:45:08 | 000,000,000 | ---D | M] -- C:\Program Files\IEForge
[2007/10/23 21:42:07 | 000,000,000 | ---D | M] -- C:\Program Files\ieSpell
[2009/01/28 15:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Incomplete
[2009/06/27 21:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\Infogrames Interactive
[2009/10/16 01:42:08 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/11/27 23:03:36 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2008/02/19 18:51:11 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/03/31 15:24:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/01/20 18:26:43 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/10/20 23:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\LightWork Design
[2010/01/20 18:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2008/10/13 19:27:34 | 000,000,000 | ---D | M] -- C:\Program Files\Media Manager
[2009/06/17 17:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/01/13 18:11:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/08/23 15:14:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/03/10 22:16:17 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/07/23 12:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/12/11 10:02:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2010/01/20 16:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/10/16 07:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/10/25 21:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\MICROS~1.SH!
[2008/03/14 03:51:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mininova
[2005/12/11 10:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2005/12/11 10:01:10 | 000,000,000 | ---D | M] -- C:\Program Files\Modem On Hold
[2009/06/27 21:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\Morpheus
[2010/03/10 05:04:11 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/11 23:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2007/11/13 01:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/01/25 14:55:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSECACHE
[2009/04/24 22:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/11/02 21:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Games
[2005/08/16 03:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/17 13:30:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/11/13 00:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/09/05 20:29:01 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/03/03 21:35:54 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2009/07/23 12:29:50 | 000,000,000 | ---D | M] -- C:\Program Files\Office2K
[2006/12/11 08:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/09/25 10:12:42 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/03/01 19:48:04 | 000,000,000 | ---D | M] -- C:\Program Files\PiratePoppers_at
[2007/10/14 00:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\Plus!
[2009/12/26 16:53:23 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2007/09/28 06:22:50 | 000,000,000 | ---D | M] -- C:\Program Files\Poppit To Go
[2008/07/01 03:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\QBeez2_at
[2009/09/22 16:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/10/26 17:07:11 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/03/18 02:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2007/11/13 01:04:50 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/07/25 04:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2007/07/24 01:11:56 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2009/07/27 15:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\Riva
[2010/03/30 05:14:38 | 000,000,000 | ---D | M] -- C:\Program Files\Rumo
[2009/06/02 00:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Safer Networking
[2008/05/31 23:25:24 | 000,000,000 | ---D | M] -- C:\Program Files\Sandisk
[2009/06/06 14:42:41 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft(2)
[2010/01/15 23:12:57 | 000,000,000 | ---D | M] -- C:\Program Files\Security Task Manager
[2006/11/17 13:17:32 | 000,000,000 | ---D | M] -- C:\Program Files\Shockwave.com
[2007/08/22 22:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
[2007/09/18 22:16:38 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra On-Line
[2005/12/11 09:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2009/01/26 22:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor
[2009/10/25 11:03:41 | 000,000,000 | ---D | M] -- C:\Program Files\Smilebox
[2010/02/04 10:29:46 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/06/27 21:07:23 | 000,000,000 | ---D | M] -- C:\Program Files\Star Defender 3
[2010/03/30 04:55:13 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/01/12 22:11:26 | 000,000,000 | ---D | M] -- C:\Program Files\TrendMicro
[2009/09/22 16:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\UltraPlayer
[2005/08/16 03:50:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/04/03 16:36:02 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2009/07/13 12:55:56 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2005/12/11 10:06:28 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2009/06/27 21:07:26 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/02/10 23:32:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/09/29 09:47:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2009/06/27 21:07:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2007/09/30 14:18:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/09/30 19:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/05 20:28:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/08/16 03:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/08/16 03:40:46 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/04/03 07:16:00 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2005/08/16 03:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/12/27 11:14:14 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2010/03/18 01:51:34 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/01/26 09:00:16 | 000,000,000 | ---D | M] -- C:\Program Files\Zune
[2009/09/29 00:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\zune.old
[2008/12/29 23:24:20 | 000,000,000 | ---D | M] -- C:\Program Files\_uninstallation_info

< %appdata%\*.* >
[2005/08/16 03:33:26 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Chris\Application Data\desktop.ini
[2008/03/30 20:23:06 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/10/13 16:46:31 | 000,012,358 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\PFP120JCM.{PB
[2006/10/13 16:46:31 | 000,061,678 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\PFP120JPR.{PB


< MD5 for: AGP440.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/05 20:22:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/05 20:22:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/05 20:22:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/05 20:22:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/05 20:22:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/05 20:22:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/10 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/05 20:22:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/09/05 20:22:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-11 23:39:37

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A44AF1B
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:072F1F69
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47BC930A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43A31AEA
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15552B00
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:437B9941
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE0ED846
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F0C9230
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3B557D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A60E1551
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45E9EFF4
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8AE60A7
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B3349CB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB6ECE53
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E2A6B4A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1175E1D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31B5E9B
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81E7CF6A
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F02F4882
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:429EC15A
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D49F2659
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31D2961C
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FC7B9E4
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
< End of report >

Re: Slow computer, I feel like I'm on dial up again please help me
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :otl
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
    [2010/04/12 00:53:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC64643E-3601-416C-A5AF-37C118D6D0E3}.job
    [2010/04/12 00:50:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CD1610B7-52EE-4D17-8807-655400EF8D00}.job
    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A44AF1B
    @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
    @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
    @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:072F1F69
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47BC930A
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43A31AEA
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15552B00
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:437B9941
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE0ED846
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F0C9230
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3B557D
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A60E1551
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45E9EFF4
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8AE60A7
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B3349CB
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB6ECE53
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E2A6B4A
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1175E1D
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31B5E9B
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81E7CF6A
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F02F4882
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:429EC15A
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D49F2659
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31D2961C
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FC7B9E4
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A

    :commands
    [emptytemp]
    [purity]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Re: Slow computer, I feel like I'm on dial up again please help me
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\musicmatch.com\online\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\login\ deleted successfully.
C:\WINDOWS\tasks\User_Feed_Synchronization-{FC64643E-3601-416C-A5AF-37C118D6D0E3}.job moved successfully.
C:\WINDOWS\tasks\User_Feed_Synchronization-{CD1610B7-52EE-4D17-8807-655400EF8D00}.job moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1A44AF1B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:072F1F69 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:47BC930A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:43A31AEA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:15552B00 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:437B9941 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DE0ED846 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1F0C9230 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B3B557D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A60E1551 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:45E9EFF4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D8AE60A7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1B3349CB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB6ECE53 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6E2A6B4A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1713795 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F1175E1D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A31B5E9B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:81E7CF6A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F02F4882 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:429EC15A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D49F2659 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:31D2961C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2FC7B9E4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Chris
->Temp folder emptied: 18649 bytes
->Temporary Internet Files folder emptied: 39232522 bytes
->Java cache emptied: 14610802 bytes
->Google Chrome cache emptied: 220893048 bytes
->Flash cache emptied: 192875 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes

User: NetworkService
->Temp folder emptied: 896 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Sharon(2)
->Temporary Internet Files folder emptied: 35608 bytes

User: USER

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 559404 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 263.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04122010_220847

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP0000001762B2E22581C90097 not found!

Registry entries deleted on Reboot...

Re: Slow computer, I feel like I'm on dial up again please help me

Please open OTL -- Click None and paste this in the Custom Scans box:

Code:

/md5start
atapi.sys
gbgppprj.dat
/md5stop


Then click Run Scan. It shall launch a log. Please post it in your next reply.

Re: Slow computer, I feel like I'm on dial up again please help me

OTL logfile created on: 4/13/2010 9:00:25 AM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 274.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.34 Gb Total Space | 116.62 Gb Free Space | 80.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4GJSZ81
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/12 00:48:37 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2010/04/12 00:48:37 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [Auto | Stopped] -- -- (MMIndexer)
SRV - File not found [Auto | Stopped] -- -- (Brother XP spl Service)
SRV - [2010/01/07 15:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 15:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 15:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/28 18:02:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc630.mail.yahoo.com/mc/welcome?.gx=1&.tm=1269951406&.rand=7udnm61gbcj29
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local


[2009/06/10 08:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2009/06/10 08:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/04/02 15:05:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163795320177 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://virscan.org/images/load/1.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/12 22:11:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/12 22:08:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/12 00:48:28 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/11 00:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/10 20:11:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/10 19:48:27 | 000,000,000 | ---D | C] -- C:\commy31802c
[2010/04/03 07:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\WinZip
[2010/04/02 14:49:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/02 14:49:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/02 14:49:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/02 14:49:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/02 14:47:53 | 000,000,000 | ---D | C] -- C:\commy1608c
[2010/04/02 14:47:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/01 22:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2009/09/25 10:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/25 06:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/06/13 16:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/06/13 06:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2009/05/03 14:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/24 22:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/06 21:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/10/01 06:51:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/08/16 03:30:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2003/12/09 14:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll

========== Files - Modified Within 14 Days ==========

[2010/04/13 07:21:38 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/13 07:19:46 | 000,001,310 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Facebook.url
[2010/04/13 07:19:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/13 07:18:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/13 07:18:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/13 07:18:23 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/13 05:35:34 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\Chris\ntuser.dat
[2010/04/13 05:35:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2010/04/12 00:48:37 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/11 13:34:20 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/10 19:52:01 | 000,001,125 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/10 19:52:01 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/04/10 19:51:10 | 003,911,676 | R--- | M] () -- C:\Documents and Settings\Chris\Desktop\commy.exe
[2010/04/07 21:35:46 | 008,118,134 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2010/04/03 22:11:51 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Microsoft Word.lnk
[2010/04/03 20:12:54 | 000,147,832 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\profiles.exe
[2010/04/02 15:05:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2010/04/03 20:12:54 | 000,147,832 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\profiles.exe
[2010/04/02 14:49:43 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/02 14:49:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/02 14:49:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/02 14:49:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/02 14:49:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/02 14:43:57 | 003,911,676 | R--- | C] () -- C:\Documents and Settings\Chris\Desktop\commy.exe
[2010/03/12 09:31:08 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/23 00:54:28 | 000,000,256 | R--- | C] () -- C:\Documents and Settings\Chris\BRMSI04.BIN
[2009/12/20 11:00:17 | 011,534,336 | ---- | C] () -- C:\Documents and Settings\Chris\ntuser.dat
[2009/10/16 12:10:47 | 000,001,536 | -HS- | C] () -- C:\Program Files\ehthumbs.db
[2009/10/16 12:08:10 | 000,001,536 | -HS- | C] () -- C:\Documents and Settings\All Users\ehthumbs.db
[2009/10/16 02:55:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2009/09/04 19:03:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2009/07/22 16:53:27 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/10 22:19:43 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/10 22:19:43 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/20 13:12:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/20 13:12:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/13 05:57:31 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/06/09 08:19:42 | 000,299,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/06/06 15:19:07 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/06 15:19:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/06 15:19:06 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/19 22:39:27 | 000,000,390 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2009/05/12 20:40:21 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Mahjongg Variations.INI
[2008/10/24 17:52:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/07/19 15:59:46 | 000,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
[2008/05/10 02:47:44 | 000,000,048 | ---- | C] () -- C:\WINDOWS\Hypnosis.ini
[2008/03/28 06:46:59 | 000,001,458 | ---- | C] () -- C:\WINDOWS\FiveCardFrenzy.ini
[2008/03/17 13:33:06 | 000,000,136 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/06 07:19:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pool.INI
[2008/01/20 23:53:50 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\acmeinc.ini
[2008/01/20 23:53:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\vxdtgm.ini
[2008/01/01 22:42:44 | 000,000,048 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/12/28 22:49:25 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/12/17 03:52:08 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/12/17 03:52:08 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/12/02 21:12:20 | 000,000,092 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/12/02 21:11:28 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2007/11/19 18:48:23 | 000,000,514 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/11/16 00:36:40 | 000,000,976 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2007/10/20 23:47:06 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2007/10/20 23:47:06 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2007/10/20 23:47:06 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2007/10/20 23:47:06 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2007/10/20 23:46:52 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/10/13 23:42:35 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Tetris.ini
[2007/10/13 20:54:54 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TZAPCOM.INI
[2007/10/05 12:48:49 | 000,000,080 | ---- | C] () -- C:\WINDOWS\fpg.INI
[2007/09/30 11:40:04 | 000,006,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/18 22:16:00 | 000,000,767 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/09/17 16:48:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/09/07 01:48:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
[2007/09/06 16:47:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/02 20:15:27 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2007/08/22 23:16:34 | 000,123,888 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/07/20 22:52:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/12/12 12:33:37 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0E91058025.sys
[2006/12/11 00:13:45 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2006/11/17 13:23:20 | 000,000,793 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/11/17 00:26:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\NULL
[2006/10/26 08:56:48 | 000,003,454 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/26 08:56:48 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\11C6F2E73F.sys
[2006/10/14 20:57:35 | 000,000,583 | ---- | C] () -- C:\WINDOWS\Q3TA.INI
[2006/10/13 16:46:31 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\PFP120JPR.{PB
[2006/10/13 16:46:31 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\PFP120JCM.{PB
[2006/10/11 10:49:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/27 11:04:22 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Chris\ntuser.dat.LOG
[2006/08/27 11:04:22 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Chris\ntuser.ini
[2006/08/27 11:04:04 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/08/27 11:04:04 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/07/07 12:30:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2005/12/11 10:12:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/11 10:04:26 | 000,000,592 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/11 09:41:50 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2005/12/11 09:41:14 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/03/09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/09/29 19:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/01/01 00:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2009/09/14 10:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/05/21 20:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/06/13 06:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/10/22 23:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/12/14 20:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2007/09/30 12:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/03/29 17:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2009/06/01 21:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/07/25 05:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\My Games
[2008/03/01 19:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/06/06 14:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2008/12/18 15:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2009/06/06 14:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/10/07 23:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/01/15 11:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2007/08/22 22:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/06/06 14:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/01/15 23:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/07/01 04:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/02/05 00:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/31 01:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/03 07:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/10/28 03:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2008/10/16 19:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Purity Check ==========


< End of report >

Re: Slow computer, I feel like I'm on dial up again please help me
Try this once more please.

Please open OTL -- Click None and copy and paste this into the Custom Scans box:

Code:

/md5start
atapi.sys
gbgppprj.dat
/md5stop


Then click Run Scan. It shall launch a log. Please post it in your next reply.

Re: Slow computer, I feel like I'm on dial up again please help me
OTL logfile created on: 4/13/2010 9:21:42 AM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 212.00 Mb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.34 Gb Total Space | 116.62 Gb Free Space | 80.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4GJSZ81
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/05 20:22:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/05 20:22:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: GBGPPPRJ.DAT >
[2007/12/06 17:50:52 | 000,019,456 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\gbgppprj.dat
< End of report >
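
The MD5 custom scan in the log above is easier to judge once its entries are grouped per file. The following is an added example, not part of the original thread or of OTL: it parses the scan's output lines and compares the copy in system32\drivers with the copy in ServicePackFiles\i386. Treating that on-disk copy as the reference, and the names parse_md5_scan and review, are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the OTL custom-scan log in this thread.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/09/05 20:22:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
< MD5 for: GBGPPPRJ.DAT >
[2007/12/06 17:50:52 | 000,019,456 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\gbgppprj.dat
"""

SECTION = re.compile(r"^< MD5 for: (.+?) >$")
ENTRY = re.compile(r"^\[[^|]+\| [\d,]+ \| \S+ \| \w\] \((?P<company>[^)]*)\) "
                   r"(?P<status>.*?) -- (?P<path>.+)$")

def parse_md5_scan(text):
    """Return {file name: [entries]} for each '< MD5 for: ... >' section."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        head = SECTION.match(line)
        if head:
            current = sections.setdefault(head.group(1).lower(), [])
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            e = m.groupdict()
            # Entries inside .cab archives and unreadable files carry no hash.
            e["md5"] = e["status"][4:] if e["status"].startswith("MD5=") else None
            current.append(e)
    return sections

def review(sections, active_dir=r"c:\windows\system32\drivers",
           reference_dir=r"c:\windows\servicepackfiles\i386"):
    """Compare each active file's MD5 with the assumed reference copy on disk."""
    findings = {}
    for name, entries in sections.items():
        by_path = {e["path"].lower(): e for e in entries}
        active = by_path.get(active_dir + "\\" + name)
        ref = by_path.get(reference_dir + "\\" + name)
        if active is None or active["md5"] is None:
            findings[name] = "unverified: active file missing or not hashable"
        elif ref is None or ref["md5"] is None:
            findings[name] = "unverified: no hashed reference copy"
        else:
            findings[name] = "match" if active["md5"] == ref["md5"] else "MISMATCH"
    return findings

if __name__ == "__main__":
    print(review(parse_md5_scan(SAMPLE_LOG)))
```

A match against a copy stored on the same disk only shows that the two files are identical; a hash taken from trusted offline media is a stronger reference. An "unverified" result is a prompt for a closer look at that file, not a verdict on it.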

Re: Slow computer, I feel like I'm on dial up again please help me
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    C:\WINDOWS\system32\drivers\gbgppprj.dat

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Re: Slow computer, I feel like I'm on dial up again please help me
All processes killed
========== FILES ==========
C:\WINDOWS\system32\drivers\gbgppprj.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Chris
->Temp folder emptied: 18907 bytes
->Temporary Internet Files folder emptied: 20031736 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2636 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 4628 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Sharon(2)
->Temporary Internet Files folder emptied: 0 bytes

User: USER

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 19.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04132010_213958

Files\Folders moved on Reboot...
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\UYXBAYFH\aceUAC[1].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\UYXBAYFH\welcome[1].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\H9HY8NHH\fc[1].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\85WW3I82\md[1].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\85WW3I82\slow-computer-i-feel-like-i-m-on-dial-up-again-please-help-me-t20620-15[1].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\85WW3I82\st[4] moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Re: Slow computer, I feel like I'm on dial up again please help me
How is the computer? Does it seem faster? Is the Internet still slow?

Re: Slow computer, I feel like I'm on dial up again please help me
I thank you for your help...but my computer is still slow and it also freezes up sometimes

Re: Slow computer, I feel like I'm on dial up again please help me
Start a new topic in the Tech forum, maybe in the Operating Systems section.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again. The program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
