This topic is lockedGo to this page
Run the fixit there (big button about one third the way down) - if the normal run does not cure it then re run and use the aggressive mode
Virus deep within computer
Started by
Ken2893
, Apr 29 2011 08:20 AM
#31
Posted 03 May 2011 - 12:13 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Go to this page
Run the fixit there (big button about one third the way down) - if the normal run does not cure it then re run and use the aggressive mode
#32
Posted 08 May 2011 - 05:32 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
#33
Posted 22 May 2011 - 02:04 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Could you let me know what your current problems are please
Download OTL to your Desktop
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
#34
Posted 23 May 2011 - 06:41 AM
Ken2893
- Topic Starter
-
- Member
-
- 39 posts
Member
Hi. Sorry I diddnt respond yesterday I was at work. Well the only problem I have is the one from the very beginning. The slowness. What happens is the computer gets slow over time. The CPU usage spikes all the way up to %100.
#35
Posted 23 May 2011 - 10:38 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK could you run OTL as above please and I will have a look see - and see if I can find a resolution for this
#36
Posted 23 May 2011 - 12:19 PM
Ken2893
- Topic Starter
-
- Member
-
- 39 posts
Member
here you go. i dont think it made a extras.txt
OTL logfile created on: 5/23/2011 5:43:56 AM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ken\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.07 Gb Available Physical Memory | 76.89% Memory free
8.00 Gb Paging File | 6.94 Gb Available in Paging File | 86.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 127.85 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
Drive D: | 7.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 14.65 Gb Total Space | 8.25 Gb Free Space | 56.29% Space Free | Partition Type: NTFS
Computer Name: HOME | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/23 05:41:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2011/05/06 19:43:05 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2010/10/27 05:00:02 | 001,015,808 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2010/04/12 04:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
========== Modules (SafeList) ==========
MOD - [2011/05/23 05:41:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/04/08 16:06:50 | 000,295,424 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2011/03/09 05:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/24 13:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/09/24 13:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/09/24 13:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/06/17 21:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011/04/29 09:55:18 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/16 05:29:33 | 000,818,115 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\msvfd32.exe -- (Adobe Licensing Console)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/03/09 10:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/03/09 10:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/09 05:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/17 21:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 3D 29 B2 4B BE CB 01 [binary data]
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/16 05:09:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/25 22:41:19 | 000,000,000 | ---D | M]
[2010/10/09 15:26:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2011/05/17 13:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions
[2011/04/16 05:09:43 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/04/28 14:15:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/16 05:09:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions\[email protected]
[2011/05/17 13:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/16 05:09:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/02 11:30:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2011/05/02 11:21:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Rainforest%20Adventure/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Rainforest%20Adventure/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/05/23 05:42:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/23 05:41:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2011/05/07 15:14:31 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Electronic Arts
[2011/05/07 15:02:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/05/04 06:14:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2011/05/02 12:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011/05/02 12:06:19 | 001,420,288 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranFD.exe
[2011/05/02 12:06:19 | 000,295,424 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragS.exe
[2011/05/02 12:06:19 | 000,292,352 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDC.exe
[2011/05/02 12:06:19 | 000,270,336 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefrag.dll
[2011/05/02 12:06:19 | 000,132,608 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragBT.exe
[2011/05/02 12:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/05/02 10:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/05/02 09:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/05/02 09:01:47 | 012,800,512 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl
[2011/05/02 09:01:47 | 003,467,264 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2011/05/02 09:01:47 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe
[2011/05/02 09:01:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2011/05/02 09:00:43 | 000,515,584 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011/05/02 09:00:41 | 001,465,344 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011/05/02 09:00:41 | 000,645,632 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011/05/02 09:00:41 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011/05/02 09:00:41 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\st646289.dll
[2011/05/02 08:58:29 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/05/02 08:58:25 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/05/02 08:58:20 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/05/02 07:17:24 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\My Drivers
[2011/05/02 07:17:24 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Innovative Solutions
[2011/05/02 07:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2011/05/01 17:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011/04/30 11:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/28 14:16:19 | 000,000,000 | ---D | C] -- C:\Users\Ken\dwhelper
[2011/04/26 06:16:38 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\TuneUp Software
[2011/04/26 06:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/04/26 06:16:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/04/26 05:49:38 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Auslogics
[2011/04/26 05:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/04/26 05:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/04/25 22:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/04/25 22:19:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/25 22:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 22:19:19 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/16 05:29:33 | 000,818,115 | ---- | C] ( ) -- C:\Windows\SysWow64\msvfd32.exe
========== Files - Modified Within 30 Days ==========
[2011/05/23 05:41:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2011/05/23 04:31:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 04:31:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 04:24:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/23 04:24:29 | 3219,955,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 15:28:33 | 000,000,017 | ---- | M] () -- C:\Windows\SysNative\npd6.d
[2011/05/07 17:06:51 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/07 17:06:51 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/07 17:06:51 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/02 11:21:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
========== Files Created - No Company Name ==========
[2011/05/02 12:06:24 | 000,000,017 | ---- | C] () -- C:\Windows\SysNative\npd6.d
[2011/05/02 08:58:28 | 000,790,592 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/05/02 08:58:26 | 000,790,592 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/05/02 08:58:24 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/02 08:58:24 | 000,003,155 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2011/05/02 08:58:22 | 000,030,831 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/05/02 08:58:19 | 000,227,586 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2011/05/02 08:58:15 | 000,152,384 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/09/21 01:21:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 00:20:41 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
========== LOP Check ==========
[2011/04/26 05:49:38 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Auslogics
[2011/05/23 05:49:10 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\BitTorrent
[2011/04/16 05:00:16 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Datel
[2011/04/16 05:00:16 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\FrostWire
[2010/10/15 02:46:05 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\GameTuts
[2011/02/05 17:37:12 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\GoldWaveCDDB
[2010/09/24 19:40:25 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\Hardcore
[2011/04/16 21:21:13 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Sakura
[2011/04/16 05:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\SpinTop
[2011/04/26 06:16:38 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\TuneUp Software
[2011/03/04 18:29:16 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/11/27 00:26:50 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/11/27 00:26:50 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/11/27 00:26:50 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/11/27 00:26:49 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/11/27 00:26:49 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/11/27 00:26:49 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:7679D513
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C60A94A8
< End of report >
OTL logfile created on: 5/23/2011 5:43:56 AM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ken\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.07 Gb Available Physical Memory | 76.89% Memory free
8.00 Gb Paging File | 6.94 Gb Available in Paging File | 86.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 127.85 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
Drive D: | 7.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 14.65 Gb Total Space | 8.25 Gb Free Space | 56.29% Space Free | Partition Type: NTFS
Computer Name: HOME | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/23 05:41:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2011/05/06 19:43:05 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2010/10/27 05:00:02 | 001,015,808 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2010/04/12 04:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
========== Modules (SafeList) ==========
MOD - [2011/05/23 05:41:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/04/08 16:06:50 | 000,295,424 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2011/03/09 05:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/24 13:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/09/24 13:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/09/24 13:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/06/17 21:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011/04/29 09:55:18 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/16 05:29:33 | 000,818,115 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\msvfd32.exe -- (Adobe Licensing Console)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/03/09 10:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/03/09 10:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/09 05:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/17 21:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 3D 29 B2 4B BE CB 01 [binary data]
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/16 05:09:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/25 22:41:19 | 000,000,000 | ---D | M]
[2010/10/09 15:26:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2011/05/17 13:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions
[2011/04/16 05:09:43 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/04/28 14:15:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/16 05:09:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions\[email protected]
[2011/05/17 13:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/16 05:09:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/02 11:30:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2011/05/02 11:21:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Rainforest%20Adventure/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Rainforest%20Adventure/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/05/23 05:42:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/23 05:41:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2011/05/07 15:14:31 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Electronic Arts
[2011/05/07 15:02:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/05/04 06:14:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2011/05/02 12:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011/05/02 12:06:19 | 001,420,288 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranFD.exe
[2011/05/02 12:06:19 | 000,295,424 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragS.exe
[2011/05/02 12:06:19 | 000,292,352 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDC.exe
[2011/05/02 12:06:19 | 000,270,336 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefrag.dll
[2011/05/02 12:06:19 | 000,132,608 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragBT.exe
[2011/05/02 12:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/05/02 10:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/05/02 09:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/05/02 09:01:47 | 012,800,512 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl
[2011/05/02 09:01:47 | 003,467,264 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2011/05/02 09:01:47 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe
[2011/05/02 09:01:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2011/05/02 09:00:43 | 000,515,584 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011/05/02 09:00:41 | 001,465,344 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011/05/02 09:00:41 | 000,645,632 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011/05/02 09:00:41 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011/05/02 09:00:41 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\st646289.dll
[2011/05/02 08:58:29 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/05/02 08:58:25 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/05/02 08:58:20 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/05/02 07:17:24 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\My Drivers
[2011/05/02 07:17:24 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Innovative Solutions
[2011/05/02 07:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2011/05/01 17:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011/04/30 11:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/28 14:16:19 | 000,000,000 | ---D | C] -- C:\Users\Ken\dwhelper
[2011/04/26 06:16:38 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\TuneUp Software
[2011/04/26 06:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/04/26 06:16:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/04/26 05:49:38 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Auslogics
[2011/04/26 05:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/04/26 05:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/04/25 22:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/04/25 22:19:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/25 22:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 22:19:19 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/16 05:29:33 | 000,818,115 | ---- | C] ( ) -- C:\Windows\SysWow64\msvfd32.exe
========== Files - Modified Within 30 Days ==========
[2011/05/23 05:41:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2011/05/23 04:31:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 04:31:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 04:24:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/23 04:24:29 | 3219,955,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 15:28:33 | 000,000,017 | ---- | M] () -- C:\Windows\SysNative\npd6.d
[2011/05/07 17:06:51 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/07 17:06:51 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/07 17:06:51 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/02 11:21:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
========== Files Created - No Company Name ==========
[2011/05/02 12:06:24 | 000,000,017 | ---- | C] () -- C:\Windows\SysNative\npd6.d
[2011/05/02 08:58:28 | 000,790,592 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/05/02 08:58:26 | 000,790,592 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/05/02 08:58:24 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/02 08:58:24 | 000,003,155 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2011/05/02 08:58:22 | 000,030,831 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/05/02 08:58:19 | 000,227,586 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2011/05/02 08:58:15 | 000,152,384 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/09/21 01:21:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 00:20:41 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe
========== LOP Check ==========
[2011/04/26 05:49:38 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Auslogics
[2011/05/23 05:49:10 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\BitTorrent
[2011/04/16 05:00:16 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Datel
[2011/04/16 05:00:16 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\FrostWire
[2010/10/15 02:46:05 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\GameTuts
[2011/02/05 17:37:12 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\GoldWaveCDDB
[2010/09/24 19:40:25 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\Hardcore
[2011/04/16 21:21:13 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Sakura
[2011/04/16 05:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\SpinTop
[2011/04/26 06:16:38 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\TuneUp Software
[2011/03/04 18:29:16 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/11/27 00:26:50 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/11/27 00:26:50 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/11/27 00:26:50 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/11/27 00:26:49 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/11/27 00:26:49 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/11/27 00:26:49 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:7679D513
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C60A94A8
< End of report >
Attached Files
-
OTL.Txt 63.19KB
129 downloads
#37
Posted 23 May 2011 - 12:42 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
When the system starts to slow down could you open taskmanager and let me know which process is starting to use all the CPU power
#38
Posted 23 May 2011 - 01:09 PM
Ken2893
- Topic Starter
-
- Member
-
- 39 posts
Member
The main culprit is svchost.exe
There's at least 12 running. The highest is over 95,000
There's at least 12 running. The highest is over 95,000
#39
Posted 23 May 2011 - 01:21 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Please download Process Explorer from here
Install and run
Once the system starts slowing click the svchost process which is using the largest amount
Then either take a screenshot or go to File > Save as... and save to your desktop as a text file
Example from my system
Install and run
Once the system starts slowing click the svchost process which is using the largest amount
Then either take a screenshot or go to File > Save as... and save to your desktop as a text file
Example from my system
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 93.45 0 K 24 K
Interrupts n/a 0 K 0 K Hardware Interrupts
DPCs n/a 0.77 0 K 0 K Deferred Procedure Calls
System 4 168 K 2,656 K
smss.exe 304 460 K 1,164 K
csrss.exe 448 2,404 K 4,512 K
wininit.exe 508 2,064 K 5,208 K
services.exe 564 6,824 K 10,456 K
svchost.exe 752 5,028 K 10,072 K Host Process for Windows Services Microsoft Corporation
FlashUtil10q_ActiveX.exe 2108 2,928 K 8,936 K Adobe® Flash® Player Installer/Uninstaller 10.3 r181 Adobe Systems, Inc.
wlcomm.exe 3356 14,588 K 22,716 K Windows Live Communications Platform Microsoft Corporation
svchost.exe 840 5,332 K 9,540 K Host Process for Windows Services Microsoft Corporation
atiesrxx.exe 892 2,060 K 4,852 K AMD External Events Service Module AMD
svchost.exe 976 26,528 K 23,892 K Host Process for Windows Services Microsoft Corporation
audiodg.exe 3124 22,632 K 21,468 K
svchost.exe 1012 152,020 K 158,808 K Host Process for Windows Services Microsoft Corporation
dwm.exe 1508 35,172 K 31,692 K Desktop Window Manager Microsoft Corporation
WUDFHost.exe 2924 2,776 K 6,896 K
svchost.exe 340 23,444 K 42,080 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1044 10,024 K 17,848 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1188 14,104 K 17,944 K Host Process for Windows Services Microsoft Corporation
AvastSvc.exe 1332 69,880 K 21,208 K avast! Service AVAST Software
spoolsv.exe 928 8,528 K 14,416 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1444 8,704 K 8,140 K Host Process for Windows Services Microsoft Corporation
taskhost.exe 1432 3,736 K 9,044 K Host Process for Windows Tasks Microsoft Corporation
svchost.exe 2280 1,404 K 3,224 K Host Process for Windows Services Microsoft Corporation
WLIDSVC.EXE 2328 8,964 K 17,008 K
WLIDSVCM.EXE 2592 1,820 K 3,924 K
svchost.exe 2940 3,600 K 6,880 K Host Process for Windows Services Microsoft Corporation
wmpnetwk.exe 2780 12,108 K 8,368 K Windows Media Player Network Sharing Service Microsoft Corporation
svchost.exe 2900 0.77 8,312 K 67,992 K Host Process for Windows Services Microsoft Corporation
svchost.exe 112 14,152 K 18,512 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3664 74,648 K 40,208 K Host Process for Windows Services Microsoft Corporation
afwServ.exe 2824 3,900 K 2,784 K avast! firewall service AVAST Software
iPodService.exe 1076 3,468 K 7,864 K iPodService Module (64-bit) Apple Inc.
lsass.exe 580 7,740 K 15,148 K Local Security Authority Process Microsoft Corporation
lsm.exe 588 3,008 K 4,996 K
csrss.exe 528 3,028 K 9,592 K
conhost.exe 4868 1,608 K 3,988 K Console Window Host Microsoft Corporation
conhost.exe 4036 1,592 K 3,956 K Console Window Host Microsoft Corporation
winlogon.exe 628 3,236 K 7,664 K
explorer.exe 1532 40,028 K 63,128 K Windows Explorer Microsoft Corporation
itype.exe 1660 11,796 K 3,632 K IType.exe Microsoft Corporation
dpupdchk.exe 1736 2,236 K 5,048 K dpupdchk.exe Microsoft Corporation
iexplore.exe 2092 23,000 K 36,596 K Internet Explorer Microsoft Corporation
iexplore.exe 2804 133,476 K 193,752 K Internet Explorer Microsoft Corporation
robotaskbaricon.exe 3300 8,948 K 18,096 K RoboForm TaskBar Icon Siber Systems
wlmail.exe 3324 80,716 K 104,116 K Windows Live Mail Microsoft Corporation
iexplore.exe 960 68,144 K 123,964 K Internet Explorer Microsoft Corporation
ipoint.exe 1676 7,388 K 17,412 K IPoint.exe Microsoft Corporation
CaledosWallpaper6.exe 1708 45,988 K 50,020 K Caledos Automatic Wallpaper Changer CaledosLAB
blueline.exe 3260 22,536 K 32,412 K BlueLine ITX Associates
notepad.exe 2076 2,216 K 7,292 K Notepad Microsoft Corporation
iTunes.exe 4764 3.86 56,572 K 67,504 K iTunes Apple Inc.
AppleMobileDeviceHelper.exe 3848 3,340 K 10,764 K MobileDeviceHelper Apple Inc.
distnoted.exe 1828 1,848 K 5,780 K distnoted Apple Inc.
procexp.exe 4552 2,440 K 8,568 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
procexp64.exe 2880 19,512 K 36,504 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
AvastUI.exe 1832 17,652 K 13,032 K avast! Antivirus AVAST Software
ctfmon.exe 3928 1,820 K 4,096 K CTF Loader Microsoft Corporation
WinPatrol.exe 1848 3,788 K 8,948 K WinPatrol System Monitor BillP Studios
#41
Posted 23 May 2011 - 02:31 PM
Ken2893
- Topic Starter
-
- Member
-
- 39 posts
Member
something happened with the post.
#42
Posted 23 May 2011 - 02:33 PM
Ken2893
- Topic Starter
-
- Member
-
- 39 posts
Member
something happened with the post.
#44
Posted 23 May 2011 - 03:11 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
It is dmw using the vast majority of memory
Have a read of this page
Try the two fixes suggested there and see if that helps - the fixes are very easily reversed. But it will enable us to narrow down the problem area
Also lets run a quick programme to look at the MBR
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
Have a read of this page
Try the two fixes suggested there and see if that helps - the fixes are very easily reversed. But it will enable us to narrow down the problem area
Also lets run a quick programme to look at the MBR
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
#45
Posted 23 May 2011 - 03:56 PM
Ken2893
- Topic Starter
-
- Member
-
- 39 posts
Member
That's kinda weird that wpuld happen
Attached Files
-
aswMBR.txt 1.3KB
102 downloads
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
