Sluggish, can't find malware, Vista OS, OTL log include



#61
BeckyH

    Member

  • Topic Starter
  • 146 posts
btw I don't think I answered you as to the type...it's an HP Pavilion dv4 Notebook PC with Intel® Core™ Duo CPU [email protected] GHz

#62
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
OK. We got rid of the beep error. I suppose the next question is does your audio still work?

We still have a bunch of Windows Live processes that are not playing well with Windows. We need to uninstall anything that calls itself Windows Live...whatever. If this is something you use you can reinstall it and perhaps it will work better.

Ron

#63
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I need more info on the laptop. If I go to HP they ask me to choose from a long list:
http://h20000.www2.h...SeriesId=453246

#64
BeckyH

    Member

  • Topic Starter
  • 146 posts
tell me where to find it cause that is all the info that is listed under My Computer, Properties...
on the bottom of the computer it says HP dv4 1123us but I couldn't find anything on the computer that matched anything on the list...so tell me where to look to get more info...

and I have uninstalled anything that says Windows Live EXCEPT Windows Live Essentials 2011...that is what (I think) does Windows Messenger, mail etc...

yes my audio works but I have folders in the Pictures folder that it says can't be found but they are showing there...

#65
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Windows Live Essentials 2011 is a blanket installer that installs about half a dozen programs. It appears to be the cause of a lot of your errors so I think we need to uninstall it then (if you really find you can't live without it, redownload and reinstall it).

This is the page for your PC:
http://h10025.www1.h...ct=3810181#N216

I'm betting that it was the modem software that tried to use the beep. It seems to think it can work on both 32 and 64 bit systems.

I've been reading about your PC. It is supposed to have some sort of coolsense technology that allows you to tune it for temperature or sound. You might check if that is so and if you can change it to run cooler.

Found this on cleaning it:
http://h10025.www1.h...product=3810181

When you boot up do you hear the fan run?

You are going to need to upgrade to SP2 one of these days. HP says you should upgrade the BIOS first.

http://h10025.www1.h...product=3810181

Ron

#66
BeckyH

    Member

  • Topic Starter
  • 146 posts
well I don't understand why it's not running sp2 because it says under the My Computer, Properties it IS running service pack 2..it has always been supposed to update the windows stuff automatically (I can prob do you a screen shot of it if it would help) and I do get the little icon in the tray telling me updates are ready to install at least once a week...sometimes more...

It also has always been set to download and automatically install any HP updates...that also is kind of strange...According to the HP Assistant, the only update that was not up to date was the HP Support Assistant (it has been upgraded) and it is now being downloaded and installed.

I ran the SIW thing today to check the sensor temps because I noticed it hadn't been burning my left hand when I laid it below the keyboard (beside the touch pad) and it is running about 58-62C when not using firefox and about 70C when I am on the internet...so whatever we have done it is definitely cooling it down...

I ran the repair option on the windows live essentials thing while waiting to hear back from you but I can definitely uninstall it if you think it will help.

I always hear the fan when I boot up and it cuts on and off..but I also run the external fan that it sits on...and I regularly blow the dust/lint out with compressed air..

#67
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
My mistake. Must have gotten you confused with another one. You do have SP2 so forget that.

After you run your repair on Windows live, reboot then run Vino's again and let me see if we are still getting the errors.

Glad it's running cooler. It's still a bit hotter than I like but much improved.

#68
BeckyH

    Member

  • Topic Starter
  • 146 posts
ok I ran the temp thing again after the latest reboot and was wondering if I had been giving you the right temps...there are three separate listings all of which are cooler than before...

Sensor                   Value   Min   Max
Hewlett Packard 30F7        52    52    64

Intell Mobile Core
  Core 1                    54    54    70
  Core 2                    52    53    70

WDCW2500BEVS-60US20
  Assembly                  46    46    48
  Air Flow                  46    46    48


These numbers are fluctuating up and down a little but not a lot at the moment...so are these normal or what?

Here are event logs you wanted...


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 22/06/2011 12:37:50 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/06/2011 4:33:32 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/06/2011 4:31:31 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000_Classes:
Process 1740 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 22/06/2011 4:31:29 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000:
Process 5336 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 5336 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 22/06/2011 12:38:23 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/06/2011 4:36:52 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Log: 'System' Date/Time: 22/06/2011 4:34:03 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by BeckyH, 21 June 2011 - 10:50 PM.


#69
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Intell Mobile Core
Core 1 54 54 70
Core 2 52 53 70

The first number is the current temp. Last is a maximum - I think for this boot period tho I'm not sure.

54 and 52 are good for a laptop. 70 is a bit hotter than I want to see.

See if you can start the Microsoft .NET Framework NGEN v4.0.30319_X86 service

Right click on Computer and select Manage then Services and Applications then Services. Find Microsoft .NET Framework NGEN v4.0.30319_X86 service and right click and select Properties then Start. Does it get an error? IF it won't Start you can try setting the Startup Type to Manual and OK. See if you notice any problems.

You are still getting some registry leaks. Don't know why. One is from msiexec (installer) and the other from spoolsv (printer spooler). Not sure what we can do about them. Getting way out of my specialty I'm afraid.

Ron
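Added example, not part of the original thread: a short Python parser for the Vino's Event Viewer report layout posted in #68, which pulls the Event 1530 "registry handles leaked" details into a per-process summary (the msiexec and spoolsv leaks discussed above). The function and variable names are illustrative, and the sample text is an excerpt of that report.

```python
import re
from collections import defaultdict

# Sample input: excerpt of the report posted in #68 above.
SAMPLE_REPORT = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/06/2011 4:33:32 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/06/2011 4:31:31 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000_Classes:
Process 1740 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

Log: 'Application' Date/Time: 22/06/2011 4:31:29 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000:
Process 5336 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 5336 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
LEAK_RE = re.compile(
    r"^Process (?P<pid>\d+) \((?P<image>[^)]+)\) has opened key (?P<key>.+)$"
)


def parse_report(text):
    """Split a report into records (log, when, type, event_id, source, message)."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("~"):
            current = None  # a blank line or a banner rule closes the record
            continue
        header = HEADER_RE.match(line)
        if header:
            current = {"log": header["log"], "when": header["when"],
                       "type": None, "event_id": None, "source": None,
                       "message": []}
            records.append(current)
        elif current is None:
            continue  # banner titles and report preamble lines
        elif current["type"] is None and TYPE_RE.match(line):
            current["type"] = TYPE_RE.match(line)["type"]
        elif current["event_id"] is None and EVENT_RE.match(line):
            m = EVENT_RE.match(line)
            current["event_id"], current["source"] = int(m["id"]), m["source"]
        else:
            current["message"].append(line)
    return records


def leaked_handles(records):
    """Map (pid, image name) -> registry keys left open, from Event 1530 only."""
    leaks = defaultdict(list)
    for rec in records:
        if rec["event_id"] != 1530:
            continue
        for line in rec["message"]:
            m = LEAK_RE.match(line)
            if m:
                image = m["image"].rsplit("\\", 1)[-1].lower()
                leaks[(int(m["pid"]), image)].append(m["key"])
    return dict(leaks)


if __name__ == "__main__":
    for (pid, image), keys in sorted(leaked_handles(parse_report(SAMPLE_REPORT)).items()):
        print(f"{image} (PID {pid}) left {len(keys)} key(s) open:")
        for key in keys:
            print("   ", key)
```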

#70
BeckyH

    Member

  • Topic Starter
  • 146 posts
you have gone above and beyond helping me get this thing running...I don't know how to thank you enough...you've helped me more than I would have thought...

It was set on Automatic delayed start but when I started it, there was no prob at all with it starting right up. Not the first error to be found...is this something that needs changed to automatic or started every time?

Now this Avast works the same as McAfee, correct? so if I don't reinstall McAfee I will be ok???

Is there anything else I can do that would help keep it up to speed? (and are you up to helping me do my desktop and get it up to speed? you are totally awesome at this) :)

Edited by BeckyH, 22 June 2011 - 05:51 AM.


#71
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
IF it started then I wouldn't worry about it. I just saw it didn't one time so thought it might be sick. .NET is MS's replacement for C++ and it's not used all that much so I wouldn't worry about it.

Avast is a lot better than McAfee. Make sure you register (if you don't it will nag you to death). Doesn't cost anything. After a year or so you will need to register again. That will give them a chance to try to talk you into the paid version but you can stick with the free.

You might want to try adding Online Armor. It's a free firewall that is better than the one that Windows provides. http://www.online-ar...-armor-free.php

We need to do some housekeeping on this one then I'll be glad to start on the desktop (run OTL and post both logs)

We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
tho it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Programs, Accessories then right click on Command Prompt and Run As Administrator

Now right click, Paste, (or Edit, Paste) then hit Enter.

OTL has a cleanup Tab which will remove its files and a lot of other common tools tho not vino's or aswmbr.

To hide hidden files again (probably OTL will do it for you but just in case):


Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

You do not have the latest Java (Java™ 6 Update 26). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you can download and run the UpdateChecker:
http://www.filehippo.../updatechecker/

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#72
BeckyH

    Member

  • Topic Starter
  • 146 posts
ok I think I got most everything cleaned off...just an FYI here is the latest procexp log so you can see if there is anything else that shouldn't be running that is...I will post the OTL logs for the desktop in a little bit...and THANK YOU SOOO MUCH....you're awesome :)

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 83.41 0 K 24 K
WmiPrvSE.exe 4332 10.00 9,064 K 15,752 K WMI Provider Host Microsoft Corporation
procexp64.exe 2092 3.85 22,736 K 34,460 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System 4 0.77 0 K 8,972 K
svchost.exe 736 0.77 115,616 K 131,872 K Host Process for Windows Services Microsoft Corporation
Interrupts n/a 0.77 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 1744 1.54 41,248 K 33,880 K Desktop Window Manager Microsoft Corporation
svchost.exe 1388 0.77 31,072 K 35,924 K Host Process for Windows Services Microsoft Corporation
hkcmd.exe 1940 < 0.01 3,140 K 7,376 K hkcmd Module Intel Corporation
csrss.exe 668 < 0.01 3,568 K 10,124 K Client Server Runtime Process Microsoft Corporation
spoolsv.exe 1872 < 0.01 10,216 K 18,356 K Spooler SubSystem App Microsoft Corporation
plugin-container.exe 4304 < 0.01 15,196 K 19,728 K Plugin Container for Firefox Mozilla Corporation
firefox.exe 2020 < 0.01 153,708 K 173,588 K Firefox Mozilla Corporation
ApMsgFwd.exe 4200 < 0.01 2,096 K 4,544 K ApMsgFwd Alps Electric Co., Ltd.
svchost.exe 660 < 0.01 118,648 K 126,892 K Host Process for Windows Services Microsoft Corporation
igfxsrvc.exe 2612 < 0.01 3,136 K 7,228 K igfxsrvc Module Intel Corporation
PanelApp.exe 1956 < 0.01 21,264 K 31,700 K
explorer.exe 1764 < 0.01 32,148 K 50,128 K Windows Explorer Microsoft Corporation
lsass.exe 756 < 0.01 5,688 K 12,924 K Local Security Authority Process Microsoft Corporation
AvastSvc.exe 1592 < 0.01 21,180 K 5,740 K avast! Service AVAST Software
stacsv64.exe 980 < 0.01 9,060 K 8,584 K IDT PC Audio IDT, Inc.
svchost.exe 584 < 0.01 18,740 K 17,980 K Host Process for Windows Services Microsoft Corporation
AvastUI.exe 1304 < 0.01 6,628 K 6,284 K avast! Antivirus AVAST Software
wlanext.exe 1600 < 0.01 3,024 K 7,112 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation
svchost.exe 996 < 0.01 6,292 K 10,616 K Host Process for Windows Services Microsoft Corporation
lsm.exe 768 3,764 K 6,116 K Local Session Manager Service Microsoft Corporation
Apoint.exe 1908 < 0.01 3,984 K 9,696 K Alps Pointing-device Driver Alps Electric Co., Ltd.
svchost.exe 328 75,160 K 44,060 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1212 12,072 K 19,540 K Host Process for Windows Services Microsoft Corporation
csrss.exe 612 < 0.01 2,860 K 8,048 K Client Server Runtime Process Microsoft Corporation
svchost.exe 2492 < 0.01 4,832 K 8,680 K Host Process for Windows Services Microsoft Corporation
taskeng.exe 2172 < 0.01 11,428 K 14,608 K Task Scheduler Engine Microsoft Corporation
hpservice.exe 1288 < 0.01 3,816 K 6,608 K HpService Hewlett-Packard Company
wmpnscfg.exe 2888 3,080 K 7,656 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 2972 4,660 K 9,148 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 3776 2,104 K 4,324 K Microsoft® Windows Live ID Service Monitor Microsoft Corp.
WLIDSVC.EXE 3600 9,004 K 16,728 K Microsoft® Windows Live ID Service Microsoft Corp.
winlogon.exe 704 3,452 K 8,300 K Windows Logon Application Microsoft Corporation
wininit.exe 648 2,360 K 5,916 K Windows Start-Up Application Microsoft Corporation
ViewpointService.exe 3292 2,196 K 5,804 K ViewMgr Viewpoint Corporation
taskeng.exe 864 3,376 K 8,408 K Task Scheduler Engine Microsoft Corporation
svchost.exe 3544 6,604 K 10,908 K Host Process for Windows Services Microsoft Corporation
svchost.exe 924 4,332 K 8,428 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2960 6,724 K 11,880 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1196 22,364 K 27,220 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1168 3,380 K 6,972 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2196 4,152 K 8,408 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3080 3,584 K 7,560 K Host Process for Windows Services Microsoft Corporation
svchost.exe 5088 2,808 K 7,256 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3260 5,296 K 9,208 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1660 1,888 K 4,472 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2736 1,764 K 4,080 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3556 1,620 K 3,444 K Host Process for Windows Services Microsoft Corporation
sttray64.exe 1924 9,424 K 18,044 K IDT PC Audio IDT, Inc.
sqlwriter.exe 3212 4,900 K 9,556 K SQL Server VSS Writer - 64 Bit Microsoft Corporation
sqlservr.exe 2608 41,380 K 2,776 K SQL Server Windows NT Microsoft Corporation
sqlbrowser.exe 3192 1,844 K 5,068 K SQL Browser Service EXE Microsoft Corporation
smss.exe 544 496 K 1,032 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1184 8,572 K 13,432 K Microsoft Software Licensing Service Microsoft Corporation
services.exe 744 4,000 K 9,268 K Services and Controller app Microsoft Corporation
SeaPort.exe 3128 6,080 K 10,300 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
rundll32.exe 4344 3,096 K 4,324 K Windows host process (Rundll32) Microsoft Corporation
QLBCTRL.exe 1108 4,400 K 10,320 K Quick Launch Buttons Hewlett-Packard Development Company, L.P.
procexp.exe 4116 3,788 K 9,660 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
mscorsvw.exe 1440 5,540 K 10,548 K .NET Runtime Optimization Service Microsoft Corporation
inetinfo.exe 2352 11,676 K 19,616 K Internet Information Services Microsoft Corporation
hpwuschd2.exe 1176 1,596 K 4,908 K hpwuSchd Application Hewlett-Packard
HPWAMain.exe 1240 < 0.01 54,520 K 51,888 K HP Wireless Assistant Main Program Hewlett-Packard Company
hpqWmiEx.exe 2868 3,520 K 7,780 K hpqwmiex Module Hewlett-Packard Company
hpqtra08.exe 2008 < 0.01 5,260 K 13,096 K HP Digital Imaging Monitor Hewlett-Packard Co.
HpqToaster.exe 4764 2,828 K 8,956 K HpqToaster Module
HPKBDAPP.exe 1916 7,780 K 8,652 K HP QuickTouch On Screen Display Hewlett-Packard Development Company, L.P.
HPHC_Service.exe 3488 29,520 K 12,328 K HP Support Assistant Hewlett-Packard Company
HPDrvMntSvc.exe 1032 1,508 K 4,524 K HP Quick Synchronization Service Hewlett-Packard Company
hpCaslNotification.exe 4792 31,960 K 9,740 K hpCaslNotification Hewlett-Packard Development Company L.P.
ehtray.exe 1948 2,868 K 2,136 K Media Center Tray Applet Microsoft Corporation
ehmsas.exe 1324 2,524 K 6,412 K Media Center Media Status Aggregator Service Microsoft Corporation
Com4QLBEx.exe 4408 1,772 K 5,780 K Com for QLB application Hewlett-Packard Development Company, L.P.
BLService.exe 3092 1,904 K 5,404 K STServices
audiodg.exe 1116 14,236 K 17,708 K Windows Audio Device Graph Isolation Microsoft Corporation
ApntEx.exe 4240 2,668 K 5,760 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.
agr64svc.exe 2948 1,768 K 3,688 K LSI Soft Modem Call Progress Service LSI Corporation
AESTSr64.exe 2920 1,256 K 2,976 K Andrea filters APO access service (64-bit) Andrea Electronics Corporation

#73
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
WmiPrvSE.exe is still too high. That's why we were trying to rename that folder so it would have to make a new database.

One thing we haven't tried:

Start, Programs, Accessories, right click on Command Prompt and select Run As Administrator then type msconfig.

Under Startup, uncheck everything but Avast. Under Services, check Hide Microsoft Services then uncheck all that remain. OK Reboot (Cancel out msconfig when it comes up) run Process Explorer and see if WmiPrvSE.exe is still running at 10%. IF not then one of the programs we unchecked is the cause and you can go back in and turn on about 1/2 of them and reboot and see if you can isolate it to a single program. May take a while. If that has no effect then try unhiding the microsoft services and turn them off too.

Ron

#74
BeckyH

    Member

  • Topic Starter
  • 146 posts
ok I'll try that on the laptop in a couple min and post the results...(sorry for the delay, unexpected real life issue interfered)

Here is the OTL log of the desktop. It is a Lenovo 3000 J series desktop with AMD Athlon™ Dual Core Processor 3800+ 2.0 Ghz 4 GB RAM and 32 bit operating system, Vista service pack 2.
It has had virus scan run as well as Malwarebytes with no results found but like the laptop is dragging...

One problem that I know exists (that we've never been able to get rid of) is Limewire is showing from several years ago when my daughter decided to "try it out". We uninstalled it then but there still appears to be orphan fragments etc that we have not been able to get rid of..
Anyways here's the Logfile on the desktop

OTL logfile created on: 6/22/2011 11:49:38 AM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Charlie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 28.62% Memory free
6.09 Gb Paging File | 2.79 Gb Available in Paging File | 45.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.85 Gb Total Space | 121.70 Gb Free Space | 53.89% Space Free | Partition Type: NTFS

Computer Name: MAINBEDROOM | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 11:40:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Charlie\Desktop\OTL.exe
PRC - [2011/06/17 09:58:59 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/29 14:08:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/16 10:52:12 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/03/18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/04/13 11:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/12/14 03:13:02 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2006/12/14 02:59:04 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/11/20 01:10:04 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006/11/15 20:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/11/15 20:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/11/03 00:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/29 03:33:12 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2006/04/07 15:02:24 | 001,343,488 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe


========== Modules (SafeList) ==========

MOD - [2011/06/22 11:40:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Charlie\Desktop\OTL.exe
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2008/05/16 10:52:12 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/04/13 11:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/12/14 03:13:02 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2006/11/20 01:10:04 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/11/15 20:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/11/03 00:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/06/02 21:08:20 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110622.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/05/19 15:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110616.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/17 22:38:30 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110621.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 22:38:30 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110621.035\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 20:50:23 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 20:50:23 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/29 20:03:40 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/04 16:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/05/04 16:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/05 15:04:16 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/03/22 20:47:00 | 007,467,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/03/12 10:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/08 15:54:02 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/08 15:52:58 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DPV)
DRV - [2006/11/06 04:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/11/02 03:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/10/23 17:56:56 | 000,016,192 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2006/10/23 17:55:26 | 000,023,360 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2002/03/28 16:11:22 | 000,024,072 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) SQ Video Capture(9120)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.co...ome/3000desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.co...ome/3000desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.aol.com"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/17 09:59:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2011/01/31 16:28:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2011/01/29 20:09:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/17 09:59:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 11:39:29 | 000,000,000 | ---D | M]

[2009/10/10 12:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlie\AppData\Roaming\Mozilla\Extensions
[2011/06/17 09:56:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\hgei34s8.default\extensions
[2011/04/13 08:44:46 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\hgei34s8.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/04/13 08:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/29 16:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/13 08:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/13 08:44:21 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
File not found (No name found) --
[2011/06/17 09:59:37 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\CHARLIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGEI34S8.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\USERS\CHARLIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HGEI34S8.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2009/06/26 00:15:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/29 14:08:57 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/10/05 02:00:39 | 000,000,202 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10s_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.co...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.64.23 24.178.162.3 97.81.22.195
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{36d40e9d-4d89-11e0-974a-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{36d40e9d-4d89-11e0-974a-00038a000015}\Shell\AutoRun\command - "" = J:\TLBootstrap_WPP.exe
O33 - MountPoints2\{48be00f0-bbc0-11dd-baf2-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{48be00f0-bbc0-11dd-baf2-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 11:40:39 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Charlie\Desktop\OTL.exe
[2011/06/12 19:49:09 | 000,000,000 | ---D | C] -- C:\Users\Charlie\AppData\Roaming\Apple Computer
[2011/06/12 19:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/12 19:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/12 19:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/12 19:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/12 19:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 30 Days ==========

[2011/06/22 11:40:43 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Charlie\Desktop\OTL.exe
[2011/06/22 11:12:44 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 11:12:44 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 10:57:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 01:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/20 09:13:00 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2011/06/20 09:13:00 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2011/06/20 09:12:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/18 18:11:12 | 000,000,759 | ---- | M] () -- C:\Users\Charlie\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/06/18 18:11:11 | 000,000,735 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/06/17 10:01:34 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/06/17 09:57:58 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/15 04:58:38 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/12 19:48:21 | 000,001,685 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/12 19:42:02 | 000,693,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/12 19:42:02 | 000,139,580 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/29 12:13:48 | 000,001,940 | ---- | M] () -- C:\Users\Charlie\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/24 23:42:35 | 000,000,964 | ---- | M] () -- C:\Users\Charlie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/24 23:23:54 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/24 23:23:54 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/24 23:23:38 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2011/06/17 10:01:34 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/06/12 19:48:21 | 000,001,685 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/24 23:23:38 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/12 15:22:48 | 000,001,940 | ---- | C] () -- C:\Users\Charlie\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/10 00:32:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/15 20:44:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 20:44:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/25 14:50:32 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/01/27 21:37:59 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008/10/12 22:45:46 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2008/08/17 14:16:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/30 21:37:48 | 000,072,192 | ---- | C] () -- C:\Users\Charlie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/18 22:32:27 | 000,001,356 | ---- | C] () -- C:\Users\Charlie\AppData\Local\d3d9caps.dat
[2008/04/09 21:25:57 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/07/29 22:42:18 | 000,552,960 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/07/29 22:42:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/07/29 22:42:18 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2007/06/13 08:07:06 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2007/06/13 08:06:09 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2007/06/13 08:06:09 | 000,122,880 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2007/05/11 15:54:46 | 000,007,516 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/05/11 15:54:46 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\88A311EE95.sys
[2007/05/08 19:50:57 | 000,000,419 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/05/08 18:51:57 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2007/05/08 18:51:51 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/05/07 07:21:04 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/05/06 17:56:33 | 000,000,737 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/06 17:01:46 | 000,000,751 | ---- | C] () -- C:\Windows\Bti.ini
[2007/05/06 17:01:44 | 000,116,640 | ---- | C] () -- C:\Windows\System32\Ptsaci40.dll
[2007/05/06 17:01:44 | 000,030,080 | ---- | C] () -- C:\Windows\System32\Ptabimp3.exe
[2007/05/06 13:06:35 | 000,022,556 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2007/03/06 18:35:44 | 001,398,352 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2007/03/06 18:22:50 | 000,006,249 | ---- | C] () -- C:\Windows\System32\Setup2k.ini
[2007/03/06 18:22:50 | 000,000,302 | ---- | C] () -- C:\Windows\System32\presetup.ini
[2007/03/06 18:22:49 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL
[2007/03/06 18:22:49 | 000,020,480 | ---- | C] () -- C:\Windows\System32\FSRremoS.EXE
[2006/12/15 07:32:52 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
[2006/12/15 07:32:44 | 000,000,480 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
[2006/11/03 00:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 001,105,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,693,636 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,139,580 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/05/24 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Atari
[2009/12/30 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Canon
[2008/12/14 16:53:02 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/16 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Lenovo
[2009/01/26 19:45:58 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\LimeWire
[2009/11/17 18:28:40 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\Opera
[2011/06/20 15:18:25 | 000,000,000 | ---D | M] -- C:\Users\Charlie\AppData\Roaming\WeatherBug
[2011/06/20 09:11:24 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

#75
BeckyH

LAPTOP
Under the Startup section you told me to uncheck everything but Avast... the ones that are currently set to start at startup (I haven't done that yet because I wanted to double-check) are as follows:

Alps pointing Device Driver
IDT PC Audio
Intel® Common User Interface
Microsoft Windows Operating System
HP Wireless Assistant
Avast antivirus

are you SURE you want me to uncheck these?

Here's the procexp log with these being the only things checked on Startup, and Avast is the only thing checked on Services

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 65.39 0 K 24 K
svchost.exe 496 29.23 131,760 K 140,468 K Host Process for Windows Services Microsoft Corporation
svchost.exe 968 3.08 76,580 K 41,836 K Host Process for Windows Services Microsoft Corporation
procexp64.exe 832 1.54 22,108 K 33,552 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 0.77 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 1548 < 0.01 36,168 K 31,784 K Desktop Window Manager Microsoft Corporation
System 4 < 0.01 0 K 5,352 K
csrss.exe 604 < 0.01 3,396 K 8,856 K Client Server Runtime Process Microsoft Corporation
igfxsrvc.exe 836 < 0.01 2,872 K 6,568 K igfxsrvc Module Intel Corporation
ApMsgFwd.exe 3976 < 0.01 2,044 K 4,196 K ApMsgFwd Alps Electric Co., Ltd.
svchost.exe 1096 < 0.01 9,980 K 16,848 K Host Process for Windows Services Microsoft Corporation
explorer.exe 1588 < 0.01 29,972 K 45,392 K Windows Explorer Microsoft Corporation
svchost.exe 516 < 0.01 24,776 K 38,632 K Host Process for Windows Services Microsoft Corporation
svchost.exe 924 < 0.01 4,964 K 8,924 K Host Process for Windows Services Microsoft Corporation
sttray64.exe 1732 < 0.01 9,400 K 17,728 K IDT PC Audio IDT, Inc.
wlanext.exe 1460 < 0.01 3,120 K 7,220 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation
hkcmd.exe 1740 < 0.01 2,856 K 6,668 K hkcmd Module Intel Corporation
AvastUI.exe 1564 < 0.01 6,360 K 3,068 K avast! Antivirus AVAST Software
AvastSvc.exe 1432 < 0.01 19,224 K 38,808 K avast! Service AVAST Software
sqlservr.exe 2956 < 0.01 44,720 K 1,096 K SQL Server Windows NT Microsoft Corporation
Apoint.exe 1724 < 0.01 3,852 K 9,236 K Alps Pointing-device Driver Alps Electric Co., Ltd.
svchost.exe 1268 < 0.01 15,964 K 18,956 K Host Process for Windows Services Microsoft Corporation
csrss.exe 548 < 0.01 2,696 K 7,264 K Client Server Runtime Process Microsoft Corporation
services.exe 640 < 0.01 3,796 K 8,764 K Services and Controller app Microsoft Corporation
svchost.exe 3660 < 0.01 4,784 K 8,512 K Host Process for Windows Services Microsoft Corporation
taskeng.exe 1760 < 0.01 11,144 K 13,744 K Task Scheduler Engine Microsoft Corporation
svchost.exe 1036 < 0.01 10,440 K 15,736 K Host Process for Windows Services Microsoft Corporation
SeaPort.exe 2376 < 0.01 6,212 K 10,252 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
spoolsv.exe 276 < 0.01 8,640 K 15,428 K Spooler SubSystem App Microsoft Corporation
WmiPrvSE.exe 3996 4,140 K 7,612 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 3296 2,104 K 4,280 K Microsoft® Windows Live ID Service Monitor Microsoft Corp.
WLIDSVC.EXE 3140 9,144 K 16,600 K Microsoft® Windows Live ID Service Microsoft Corp.
winlogon.exe 740 3,208 K 7,880 K Windows Logon Application Microsoft Corporation
wininit.exe 584 2,128 K 5,672 K Windows Start-Up Application Microsoft Corporation
taskeng.exe 408 3,340 K 8,208 K Task Scheduler Engine Microsoft Corporation
svchost.exe 316 15,252 K 13,612 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2940 6,732 K 10,704 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3020 5,076 K 8,644 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2688 6,724 K 11,656 K Host Process for Windows Services Microsoft Corporation
svchost.exe 852 3,732 K 7,712 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2744 3,968 K 8,164 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1040 3,120 K 6,676 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2324 1,624 K 3,460 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2180 3,412 K 7,396 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2984 1,896 K 4,504 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3052 1,756 K 4,108 K Host Process for Windows Services Microsoft Corporation
sqlwriter.exe 1004 4,896 K 9,368 K SQL Server VSS Writer - 64 Bit Microsoft Corporation
sqlbrowser.exe 1712 1,840 K 5,036 K SQL Browser Service EXE Microsoft Corporation
smss.exe 476 500 K 1,032 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1064 8,556 K 13,360 K Microsoft Software Licensing Service Microsoft Corporation
procexp.exe 2944 3,788 K 7,604 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
mobsync.exe 2428 4,256 K 7,980 K Microsoft Sync Center Microsoft Corporation
lsm.exe 660 3,684 K 5,932 K Local Session Manager Service Microsoft Corporation
lsass.exe 652 5,680 K 12,580 K Local Security Authority Process Microsoft Corporation
inetinfo.exe 2824 11,460 K 19,240 K Internet Information Services Microsoft Corporation
ehtray.exe 1748 2,876 K 1,188 K Media Center Tray Applet Microsoft Corporation
ehmsas.exe 1788 2,532 K 6,360 K Media Center Media Status Aggregator Service Microsoft Corporation
audiodg.exe 656 13,768 K 16,916 K Windows Audio Device Graph Isolation Microsoft Corporation
ApntEx.exe 4092 2,688 K 5,504 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.

Edited by BeckyH, 22 June 2011 - 07:51 PM.
