Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow computer, takes close to 15 minutes to turn on, youtube videos wo

Started by m125xsx , Jan 05 2013 05:41 PM

  • Please log in to reply

#1
m125xsx
Posted 05 January 2013 - 05:41 PM

m125xsx

    Member

  • Member
  • PipPip
  • 96 posts
Hello!

I've used this forum a few times in the past and you guys always seemed to doa great job helping to fix my computer... my last post here was from 2010 so almost 3 years ago!

Anyways on to the issues...

The computer is veryyyyyy sloooooooooow! Like painfully slow... If I want to search the internet for something and the computer is turned off, then it may take me 20 minutes to find "how to bake cookies" online. Now this did not happen over night, but instead the computers demise has been quite a slow one.

As of today's latest browsing session, videos such as those on youtube (or the tutorial for posting a log on this site) do not work. Instead they fast forward through the whole video with no sound. A 2:00 clip will play in 0:15 and only show a few blurry shots.

Additionally I use Norton Anti-Virus and McAfee Security Scan Plus.

Onto the OTL Log:
OTL logfile created on: 1/5/2013 6:20:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mike\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 26.54% Memory free
3.35 Gb Paging File | 1.61 Gb Available in Paging File | 48.04% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 35.76 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
Drive T: | 931.28 Gb Total Space | 7.92 Gb Free Space | 0.85% Space Free | Partition Type: FAT32

Computer Name: D4K48M91 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/05 18:18:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\My Documents\Downloads\OTL.exe
PRC - [2012/10/26 21:46:56 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/16 02:30:16 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/14 00:50:04 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/08/28 06:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/08/28 06:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/03/14 16:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/06 17:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/11/14 06:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/04/07 12:49:08 | 000,560,880 | ---- | M] (CrossLoop Inc) -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 19:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/01/01 14:53:31 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/01/16 12:02:38 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\mcuicnt.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/01/22 11:38:32 | 002,749,952 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbInterface.exe
PRC - [2009/01/22 11:38:26 | 000,579,584 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\Cobian.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/26 21:46:55 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/25 20:02:44 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/21 15:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 15:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 15:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/10/26 21:46:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/28 06:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/06/11 16:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/03/14 16:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/05/25 14:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/04/07 12:49:08 | 000,560,880 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2011/03/03 19:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2002/12/17 16:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/23 18:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20121130.005\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/12 21:12:37 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130104.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/12 21:12:37 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130104.032\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/06 03:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130104.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/09 00:16:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 00:16:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/19 11:33:51 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 20:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/26 17:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/09 02:32:20 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/16 22:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/04 05:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...=en&client=dell
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...=en&client=dell
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&client=dell
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {EFAD40FA-5085-4366-B9AA-7D7B05E59FD7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...l&geo=US&ver=18
IE - HKCU\..\SearchScopes\{EFAD40FA-5085-4366-B9AA-7D7B05E59FD7}: "URL" = http://www.google.co...&rlz=1I7DAUS_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.13.2
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.4.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/15 15:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/01/02 15:10:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 21:46:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/26 21:45:55 | 000,000,000 | ---D | M]

[2011/04/18 10:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2011/04/18 10:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions\[email protected]
[2012/12/16 20:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\lm09n896.default\extensions
[2012/03/04 14:13:27 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\lm09n896.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/10/26 21:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/15 15:08:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/12/15 15:09:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/01/02 15:10:47 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_13_2
[2012/02/15 15:05:51 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2012/10/26 21:46:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/17 16:34:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/15 18:52:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/19 23:50:42 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.91\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.91\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.91\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010/12/18 19:36:45 | 000,304,978 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Cobian Backup 9] C:\Program Files\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1237941841015 (MUWebControl Class)
O16 - DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} http://151.203.99.51...tdownloader.cab (PowerTerm Downloader Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28C2859-327F-41C7-AAE1-59518EA44194}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - T:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/10/18 14:11:58 | 000,000,000 | ---D | M] - T:\autorun -- [ FAT32 ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/16 20:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ahead Nero
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/05 18:03:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1005UA.job
[2013/01/05 17:55:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/05 17:35:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1006UA.job
[2013/01/05 15:06:14 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2013/01/05 03:35:01 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1006Core.job
[2013/01/05 03:03:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1005Core.job
[2013/01/05 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-D4K48M91-Micky.job
[2013/01/05 01:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/04 22:00:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2013/01/03 13:27:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/02 15:08:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/31 22:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2012/12/21 03:20:07 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/16 20:09:10 | 000,283,648 | ---- | M] (Stirling Technologies, Inc.) -- C:\WINDOWS\uninst.exe
[2012/12/12 03:10:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/07 13:40:38 | 000,500,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/07 13:40:38 | 000,088,092 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/12 03:08:52 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/09/30 13:17:00 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\vso_ts_preview.xml
[2012/06/13 12:55:22 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/14 22:34:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/18 18:17:50 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/10/18 18:16:50 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2009/03/24 19:34:50 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/22 10:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/03/24 19:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/26 12:51:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/12/17 17:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/04/03 18:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/12/16 05:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/06/26 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/08/08 00:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/04/18 10:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2012/12/16 20:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/09/02 21:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/04/22 17:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart
[2009/03/24 21:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/07/29 20:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/06 19:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/08/02 20:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Dropbox
[2012/05/13 09:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\IObit
[2011/06/12 18:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\PriceGong
[2011/04/18 10:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\TomTom
[2013/01/05 18:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\uTorrent
[2012/09/30 16:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Vso

========== Purity Check ==========



< End of report >



Thank you
  • 0

Advertisements

#2
RKinner
Posted 05 January 2013 - 06:02 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall
Advanced SystemCare 5
McAfee Security Scan
uTorrent

You have two backup programs. I think one is enough so uninstall either carbonite or cobian


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait about a minute then.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Ron
  • 0

#3
m125xsx
Posted 07 January 2013 - 08:04 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Thanks Ron, I will see if I can do all of that tomorrow night. Tight with time due to work but I really appreciate such a quick response!

The latest issue is that the search function of windows is not working. I am getting the little XP dog assistant to show up but I can not type anything (there are no boxes that appear) but I suppose this is another issue we can tackle as we try to solve all of these problems. I will try to post the logs tomorrow night.

Thanks,
M125XSX
  • 0

#4
m125xsx
Posted 10 January 2013 - 07:45 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
When I try to use event viewer tool I get the following page:
Server not found


Firefox can't find the server at images.malwareremoval.com.
Check the address for typing errors such as
ww.example.com instead of
www.example.com
etc...



Now onto the other logs...
-----------------------------------------------------------------
Process Explorer

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 99.22 0 K 28 K
procexp.exe 1248 0.78 45,300 K 53,100 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wuauclt.exe 3212 3,840 K 9,660 K Windows Update Microsoft Corporation (Verified) Microsoft Windows Component Publisher
wmiprvse.exe 4176 3,960 K 9,520 K (Unable to verify) (null)
winlogon.exe 776 19,912 K 6,828 K Windows NT Logon Application Microsoft Corporation (Unable to verify) Microsoft Corporation
winlogon.exe 3596 6,784 K 1,356 K Windows NT Logon Application Microsoft Corporation (Unable to verify) Microsoft Corporation
Verizon_IHAMessageCenter.exe 2712 39,496 K 3,700 K IHA_MessageCenter Verizon (Unable to verify) Verizon
TomTomHOMEService.exe 1860 392 K 404 K Windows Service for TomTom HOME TomTom (Verified) TomTom International BV
TomTomHOMERunner.exe 416 4,544 K 10,556 K System Tray application for TomTom HOME TomTom (Verified) TomTom International BV
System 4 0 K 60 K
svchost.exe 1260 48,340 K 23,272 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1352 6,328 K 2,920 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1028 10,876 K 2,180 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1164 7,288 K 1,776 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1692 5,592 K 740 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1828 8,492 K 900 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 1840 9,300 K 1,212 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2728 6,608 K 580 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
stsystra.exe 3556 4,868 K 7,868 K Sigmatel Audio system tray application SigmaTel, Inc. (Unable to verify) SigmaTel, Inc.
spoolsv.exe 1616 9,484 K 2,072 K Spooler SubSystem App Microsoft Corporation (Unable to verify) Microsoft Corporation
smss.exe 676 196 K 64 K Windows NT Session Manager Microsoft Corporation (Unable to verify) Microsoft Corporation
services.exe 820 2,756 K 2,048 K Services and Controller app Microsoft Corporation (Unable to verify) Microsoft Corporation
rundll32.exe 3628 23,100 K 1,648 K Run a DLL as an App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
PMBDeviceInfoProvider.exe 1664 3,144 K 528 K Device Information Provider Sony Corporation (Verified) Sony Corporation
plugin-container.exe 4068 23,532 K 29,684 K Plugin Container for Firefox Mozilla Corporation (Verified) Mozilla Corporation
PicasaMediaDetector.exe 3812 2,940 K 9,588 K Picasa Google Inc. (Verified) Google Inc.
mDNSResponder.exe 1752 3,628 K 640 K Bonjour Service Apple Inc. (Verified) Apple Inc.
mdm.exe 988 5,016 K 600 K Machine Debug Manager Microsoft Corporation (Verified) Microsoft Corporation
mcrdsvc.exe 2080 4,992 K 424 K MCRD Device Service Microsoft Corporation (Unable to verify) Microsoft Corporation
McciCMService.exe 732 7,916 K 1,156 K mcci+McciCMService Alcatel-Lucent (Unable to verify) Alcatel-Lucent
lsass.exe 832 8,232 K 1,756 K LSA Shell (Export Version) Microsoft Corporation (Unable to verify) Microsoft Corporation
iTunesHelper.exe 3156 14,564 K 23,204 K iTunesHelper Apple Inc. (Verified) Apple Inc.
iPodService.exe 1552 7,676 K 2,212 K iPodService Module (32-bit) Apple Inc. (Verified) Apple Inc.
GoogleCrashHandler.exe 548 3,472 K 496 K Google Crash Handler Google Inc. (Verified) Google Inc
firefox.exe 2740 152,736 K 171,048 K Firefox Mozilla Corporation (Verified) Mozilla Corporation
explorer.exe 2244 25,016 K 15,944 K Windows Explorer Microsoft Corporation (Unable to verify) Microsoft Corporation
ehSched.exe 260 6,376 K 588 K Media Center Scheduler Service Microsoft Corporation (Unable to verify) Microsoft Corporation
ehrecvr.exe 280 8,940 K 452 K Media Center Receiver Service Microsoft Corporation (Unable to verify) Microsoft Corporation
DSAgnt.exe 1968 15,184 K 24,004 K Dell Support Gteko Ltd. (Verified) Dell Inc.
dllhost.exe 3172 7,032 K 1,500 K COM Surrogate Microsoft Corporation (Unable to verify) Microsoft Corporation
ctfmon.exe 3468 1,764 K 5,152 K CTF Loader Microsoft Corporation (Unable to verify) Microsoft Corporation
csrss.exe 1100 1,336 K 3,556 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
csrss.exe 748 1,724 K 1,712 K Client Server Runtime Process Microsoft Corporation (Unable to verify) Microsoft Corporation
CrossLoopService.exe 2040 3,520 K 712 K CrossLoop service CrossLoop Inc (Verified) CrossLoop
ccsvchst.exe 2240 11,792 K 10,256 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
ccsvchst.exe 1452 476,900 K 13,404 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
ccSvcHst.exe 1528 14,392 K 6,152 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
ati2evxx.exe 980 880 K 748 K ATI External Event Utility EXE Module ATI Technologies Inc. (Unable to verify) ATI Technologies Inc.
AppleMobileDeviceService.exe 1724 14,448 K 2,612 K MobileDeviceService Apple Inc. (Verified) Apple Inc.

-----------------------------------------------------------------------

See attached file for Speecy report.


Thanks,
M125XSX

Attached Files


  • 0

#5
RKinner
Posted 10 January 2013 - 08:09 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
It's not working for me either. I know they were migrating to a different server so it must have gotten lost. I have a copy which I will attach to this post. Download, Save, and right click on it then Extract All.
  • 0

#6
m125xsx
Posted 12 January 2013 - 08:07 AM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
SYSTEM

Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/01/2013 9:05:17 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/01/2013 12:45:48 AM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'abcpy.ini' on the volume 'HarddiskVolume4'. It has stopped monitoring the volume.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/01/2013 5:55:41 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 11/01/2013 9:58:04 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 10/01/2013 8:52:20 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

APPLICATION
Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/01/2013 9:07:28 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/01/2013 3:07:18 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 12/01/2013 3:07:18 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 11/01/2013 3:05:13 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 11/01/2013 3:05:12 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 10/01/2013 3:01:18 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 10/01/2013 3:01:18 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 09/01/2013 3:48:58 AM
Type: error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


Log: 'Application' Date/Time: 09/01/2013 3:07:45 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 09/01/2013 3:07:45 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 08/01/2013 3:01:21 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 08/01/2013 3:01:21 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 07/01/2013 4:15:55 PM
Type: error Category: 0
Event: 1511 Source: Userenv
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 07/01/2013 4:15:53 PM
Type: error Category: 0
Event: 1515 Source: Userenv
Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Log: 'Application' Date/Time: 07/01/2013 4:15:53 PM
Type: error Category: 0
Event: 1502 Source: Userenv
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator. DETAIL - The process cannot access the file because it is being used by another process.

Log: 'Application' Date/Time: 07/01/2013 4:15:47 PM
Type: error Category: 0
Event: 1508 Source: Userenv
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights. DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\Megan\ntuser.dat

Log: 'Application' Date/Time: 07/01/2013 3:01:06 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 07/01/2013 3:01:06 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 06/01/2013 3:01:10 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 06/01/2013 3:01:10 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

Log: 'Application' Date/Time: 05/01/2013 3:01:19 AM
Type: error Category: 0
Event: 11714 Source: MsiInstaller
Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed. Contact your technical support group. System Error 1612.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/01/2013 8:18:57 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 10/01/2013 8:18:57 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 09/01/2013 3:48:40 AM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 09/01/2013 3:48:40 AM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 09/01/2013 3:30:29 AM
Type: warning Category: 0
Event: 1021 Source: .NET Runtime
.NET Runtime version 2.0.50727.3643 - Executable "C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" AppDomain "DefaultDomain" deleted obsolete native image "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll"

Log: 'Application' Date/Time: 09/01/2013 3:29:37 AM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 09/01/2013 3:17:51 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel.activation already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 09/01/2013 3:17:51 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.runtime.serialization already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 09/01/2013 3:17:50 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 09/01/2013 3:17:47 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Log: 'Application' Date/Time: 08/01/2013 8:36:08 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user D4K48M91\Elaine registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 07/01/2013 4:19:30 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 07/01/2013 4:19:30 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 02/01/2013 3:11:37 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 02/01/2013 3:11:37 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 31/12/2012 1:54:46 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 31/12/2012 1:54:46 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 30/12/2012 5:47:09 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 30/12/2012 5:47:09 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 25/12/2012 9:25:34 AM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'
  • 0

#7
RKinner
Posted 12 January 2013 - 11:08 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I think we are dealing with a heat issue. Speccy isn't able to get a temperature from the Modtherboard or CPU but it does get one from the Hard drive:

Hard Drives
233GB Western Digital WDC WD2500JS-75NCB1 (SATA) 62 °C


This is too high. It needs to be under 50 for the hard drive to operate reliably and on a desktop it should be about 35. This is probably a sign that the PC Case vents are clogged with dust. A lot of the old Dells used a big fan on the back panel which blew or sucked air through a plastic shroud to the CPU. This fan could also have failed. Shut it down. Leave it plugged up and take the cover off of it so you can see inside. Use a vacuum cleaner hose and a soft brush and clear the dust paying special attention to the CPU heatsink. If this is one which has a fan mounted on the heatsink then use a small Phillips screwdriver and unscrew the 4 screws which hold the fan in place. Set the fan aside (no need to disconnect it). Clean the CPU heatsink. Put the fan back. Also look for air vents at the front of the case

Leave the cover off and turn the PC on. Watch the fan as you do. It should come on quickly and not make any strange noises. Usually after the initial start it will keep running at a slower speed. If the fan does not run or makes noise or only slowly starts up then it needs to be replaced. My unofficial test for a fan is to use the eraser end of a pencil to momentarily stop the fan. It should start running again as soon as you remove the pencil. Do not let it run very long without the shroud in place. If you need a new fan give me the make and model of the PC and if you can see a part number on the fan give me that too. Note the direction the fan blows so you will be sure to put it back the same way.

Once you have cleaned the dust out of the PC (and replaced the fan if need be) then run Speccy again as before (after the PC has been on for 30 minutes or so) and post the log.

I also see some hard drive problems and a stuck install but we will worry about them when the PC is running cooler.
  • 0

#8
m125xsx
Posted 12 January 2013 - 05:52 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Thank you for the thought out response.

As for the fan, we took everything out and cleaned it the best that we could. The heatsink did have a good amount of dust in it. When we turned on the computer with the fan still in place and the heatsink out the fan at first turned out really loud and fast! Normally is is not too loud. When the fan was stopped with the eraser, it would not start spinning again on its own, it needed a "push" to get it to go. Once the heatsink was back in place it was running quiet again.

I have three youtube videos that I took to show you, just waiting for them to fully upload first. I'll post them in just a minute.

Speecy report log is attached to this post; computer was off for a few hours then only on for about 30 or so minutes... 60 C still... (better than my laptop which is up to 98C! Scary hot and time for a new one!)

When I turned the computer back on it took almost 6 minutes to finally work enough to get the internet going again. So although it is running decent once up it is still slow!

Attached Files


Edited by m125xsx, 12 January 2013 - 05:53 PM.

  • 0

#9
RKinner
Posted 12 January 2013 - 07:11 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Didn't really want you to run the fan while the heatsink was off. That can damage the CPU. Since the heatsink comes off so easy you should remove it (with power off) and use some alcohol and a Q-tip and clean the surface of the CPU and the heatsink then apply a thin layer of thermal paste such as Artic Silver 5 see:

http://www.walmart.c...mpound/20449158

More than you wanted to know about how to apply it here: http://www.hardwares...ermal-Paste/274

Some PC maker's did not use thermal paste. Instead they used a thin pad. These are easier to use and allow faster assembly but dry out over time and then don't work. If you see a pad, remove it and discard it before applying the thermal paste.

What make and model is the PC?
  • 0

#10
m125xsx
Posted 14 January 2013 - 05:35 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts

Didn't really want you to run the fan while the heatsink was off. That can damage the CPU. Since the heatsink comes off so easy you should remove it (with power off) and use some alcohol and a Q-tip and clean the surface of the CPU and the heatsink then apply a thin layer of thermal paste such as Artic Silver 5 see:

http://www.walmart.c...mpound/20449158

More than you wanted to know about how to apply it here: http://www.hardwares...ermal-Paste/274

Some PC maker's did not use thermal paste. Instead they used a thin pad. These are easier to use and allow faster assembly but dry out over time and then don't work. If you see a pad, remove it and discard it before applying the thermal paste.

What make and model is the PC?


Thank you for the link. We applied the Silver-5 Thermal paste as described in the article.

Here are two videos I took before my previous post:

and


Luckily we did not run for more than a few seconds with the heatsink off, and the computer was already cool at the time.

As for make and model?

It's a Dell, Windows XP Media Center Edition 2005
0X5543
X11-45376


If I posted pictures would that help?
  • 0

Advertisements

#11
RKinner
Posted 14 January 2013 - 06:42 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
From the second video the fan is definitely going bad. Unfortunately while I can read the maker's name I can't see the part number and the numbers you gave for the PC weren't recognized at Dell. Can you give me the Service Tag? See http://www.dell.com/...t/home/us/en/19
  • 0

#12
m125xsx
Posted 14 January 2013 - 07:20 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Dell Dimension 5150/E510
Service Tag:
4K48M91
  • 0

#13
RKinner
Posted 14 January 2013 - 07:37 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Searching for Dimension 5100 fans the cheapest I can find is about $25.

http://www.frozencpu...777&id=VpdA4hhX

Usually you can do better if you search by the part number of the original fan.

I've used a different fan which didn't provide the correct feedback. Had to put a resistor in line to slow the fan down and then tell the BIOS not to monitor the fan but it did work.
  • 0

#14
m125xsx
Posted 15 January 2013 - 07:20 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Searched the part number and found this:
http://www.amazon.co...w_d_detail?pd=1
  • 0

#15
RKinner
Posted 15 January 2013 - 09:57 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If that's the same part number then it's probably the best price you will find. I'd go ahead and order it.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP