Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slowing computer


  • Please log in to reply

#1
conkling79

conkling79

    New Member

  • Member
  • Pip
  • 2 posts
I have been noticing that my computer is getting slower, I removed many unused programs and unwanted files. I am just wondering if there is any malware or spyware that may also be slowing it down I do currently run a anti virus and spyware software on a regular basis and nothing ever shows up. please any help would be greatly appreciated.



OTL logfile created on: 1/30/2013 4:51:10 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Andrew Conkling\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.34 Gb Available Physical Memory | 27.13% Memory free
2.34 Gb Paging File | 1.52 Gb Available in Paging File | 64.98% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.05 Gb Total Space | 2.91 Gb Free Space | 11.62% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.21% Space Free | Partition Type: FAT
Drive F: | 60.36 Mb Total Space | 60.36 Mb Free Space | 99.99% Space Free | Partition Type: FAT

Computer Name: NOTEBOOK | User Name: Andrew Conkling | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 16:50:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew Conkling\Desktop\OTL.exe
PRC - [2012/11/29 02:27:34 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/02 13:21:52 | 001,506,536 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\vsserv.exe
PRC - [2011/08/02 13:21:48 | 000,050,128 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\updatesrv.exe
PRC - [2011/08/02 13:21:38 | 000,923,520 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\seccenter.exe
PRC - [2011/08/02 13:21:06 | 000,066,608 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro Safebox\safeboxservice.exe
PRC - [2011/08/02 13:21:04 | 000,065,560 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\pchooklaunch32.exe
PRC - [2011/08/02 13:19:56 | 001,053,336 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\bdagent.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/10 11:54:48 | 000,598,016 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/09/15 01:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/05/13 10:23:56 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/29 02:27:37 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/07 23:35:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\494e536022ee1a0d2fe124c3d2500f74\System.Xml.ni.dll
MOD - [2012/07/07 23:22:52 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\2448ec34d1e318a77a0d32704961c646\System.ni.dll
MOD - [2012/07/07 23:21:39 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/03/12 15:03:21 | 008,527,520 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/02 12:47:52 | 000,186,880 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\UI\popup.ui
MOD - [2011/08/02 12:47:50 | 000,212,992 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\UI\bdidntconp.ui
MOD - [2011/08/02 12:47:50 | 000,009,216 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\UI\imsecurityal.ui
MOD - [2011/08/02 12:47:48 | 000,007,680 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\UI\accessl.ui
MOD - [2011/07/22 19:20:05 | 000,337,992 | ---- | M] () -- \\?\C:\Program Files\Common Files\Defender Pro\Defender Pro Threat Scanner\trufos.dll
MOD - [2011/07/22 17:53:36 | 000,126,360 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\popup.dll
MOD - [2011/07/22 17:51:24 | 000,060,416 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\excludemgr.dll
MOD - [2011/07/22 17:51:22 | 000,109,856 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\accessl.dll
MOD - [2011/07/22 14:00:30 | 000,239,136 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\avc3al.dll
MOD - [2011/07/22 12:59:42 | 000,319,952 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\bdidntconp.dll
MOD - [2011/07/22 12:53:14 | 000,035,208 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\procinfo.dll
MOD - [2011/07/22 12:39:24 | 000,109,856 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\connector.dll
MOD - [2011/07/22 12:38:50 | 000,151,592 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\framework.dll
MOD - [2011/07/22 12:37:56 | 000,202,032 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\txmlutil.dll
MOD - [2011/07/22 12:37:48 | 000,059,392 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\bdmltusrsrv.dll
MOD - [2011/07/22 12:37:44 | 000,035,720 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\strdecoder.dll
MOD - [2011/07/22 12:22:34 | 002,035,712 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\as2core\ashttpf.mdl
MOD - [2011/07/22 12:22:34 | 001,975,296 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\as2core\ashttpph.mdl
MOD - [2011/07/22 12:22:34 | 001,903,104 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\as2core\ashttpfr.mdl
MOD - [2011/07/22 12:22:34 | 001,850,368 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\as2core\asimf.mdl
MOD - [2011/07/22 12:22:34 | 001,090,048 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\as2core\ashttprbl.mdl
MOD - [2011/07/22 12:22:34 | 000,855,040 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\as2core\ashttpdsp.mdl
MOD - [2011/07/22 12:22:34 | 000,793,600 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\as2core\asimdsp.mdl
MOD - [2011/07/22 12:22:34 | 000,770,560 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\as2core\ashttpbr.mdl
MOD - [2011/07/22 12:22:34 | 000,739,840 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\as2core\asimbr.mdl
MOD - [2011/07/13 13:10:30 | 000,130,456 | ---- | M] () -- C:\Program Files\Common Files\Defender Pro\Defender Pro Threat Scanner\bdsmartdb.dll
MOD - [2011/03/01 17:46:16 | 000,132,176 | ---- | M] () -- C:\Program Files\Defender Pro\Defender Pro\bdfwcore.dll
MOD - [2004/11/10 11:54:48 | 000,598,016 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
MOD - [2004/09/15 01:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2003/06/17 10:50:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/29 02:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/01 21:15:36 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/02 13:21:52 | 001,506,536 | ---- | M] (Defender Pro) [Auto | Running] -- C:\Program Files\Defender Pro\Defender Pro\vsserv.exe -- (VSSERV)
SRV - [2011/08/02 13:21:48 | 000,050,128 | ---- | M] (Defender Pro) [Auto | Running] -- C:\Program Files\Defender Pro\Defender Pro\updatesrv.exe -- (UPDATESRV)
SRV - [2011/08/02 13:21:06 | 000,066,608 | ---- | M] (Defender Pro) [Auto | Running] -- C:\Program Files\Defender Pro\Defender Pro Safebox\safeboxservice.exe -- (SafeBox)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPCA561.SYS -- (CA561)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2011/07/22 19:20:05 | 000,311,248 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2011/07/19 15:20:36 | 000,127,056 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Defender Pro\Defender Pro\bdselfpr.sys -- (bdselfpr)
DRV - [2011/07/15 15:11:48 | 000,451,864 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2011/07/15 15:11:46 | 000,596,600 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2011/07/15 15:11:46 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2011/06/17 19:54:44 | 000,063,568 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/03/24 14:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/03/01 17:45:34 | 000,113,232 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2011/03/01 17:45:32 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2005/03/10 14:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/12/11 20:28:20 | 000,371,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2004/08/18 14:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2004/06/17 20:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 20:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 20:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {4561B2A9-163D-4076-981E-5E1B4CC84EC6}
IE - HKCU\..\SearchScopes\{4561B2A9-163D-4076-981E-5E1B4CC84EC6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Andrew Conkling\Application Data\Facebook\npfbplugin_1_0_1.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/02 13:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Defender Pro\Defender Pro\bdtbext\ [2012/12/22 10:28:56 | 000,000,000 | ---D | M]

[2012/12/03 19:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Conkling\Application Data\Mozilla\Extensions
[2010/06/07 10:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Conkling\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/01/02 13:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Conkling\Application Data\Mozilla\Firefox\Profiles\n3nhs33a.default\extensions
[2012/12/03 19:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Conkling\Application Data\Mozilla\Firefox\Profiles\x6qo5si3.default\extensions
[2012/12/03 19:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Conkling\Application Data\Mozilla\Firefox\Profiles\x6qo5si3.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
[2013/01/02 13:49:12 | 000,013,345 | ---- | M] () (No name found) -- C:\Documents and Settings\Andrew Conkling\Application Data\Mozilla\Firefox\Profiles\n3nhs33a.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/01/02 13:51:45 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Andrew Conkling\Application Data\Mozilla\Firefox\Profiles\n3nhs33a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/02 13:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/03/31 07:33:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Defender Pro\Defender Pro\bdagent.exe (Defender Pro)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11g_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1249795892625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B02CE3E5-0662-4868-9015-75384E835392}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Andrew Conkling\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew Conkling\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/30 16:50:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew Conkling\Desktop\OTL.exe
[2013/01/26 23:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2013/01/26 23:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2013/01/26 22:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2013/01/22 18:53:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew Conkling\Recent
[2013/01/22 17:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Conkling\Desktop\Resume Information
[2013/01/09 20:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Conkling\Desktop\Taylor Swift
[2013/01/02 13:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\LocalService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\LocalService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/30 16:50:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew Conkling\Desktop\OTL.exe
[2013/01/30 16:15:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/30 12:59:48 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9428CBF6-0627-40EE-826A-E289221FE899}.job
[2013/01/29 10:18:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/28 05:11:02 | 000,003,120 | ---- | M] () -- C:\WINDOWS\FDK47J7J.ocx
[2013/01/27 08:29:53 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\FEHXUQ9Q.ocx
[2013/01/26 23:11:12 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Andrew Conkling\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/01/26 23:11:12 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2013/01/25 19:09:24 | 000,000,311 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2013/01/09 15:53:52 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/04 15:25:16 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2013/01/02 13:42:38 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Andrew Conkling\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/02 13:42:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/28 05:11:02 | 000,003,120 | ---- | C] () -- C:\WINDOWS\FDK47J7J.ocx
[2013/01/27 08:29:53 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\FEHXUQ9Q.ocx
[2013/01/26 23:11:12 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Andrew Conkling\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/01/26 23:11:12 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2013/01/02 13:42:38 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Andrew Conkling\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/02 13:42:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/02 13:42:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/12/22 10:55:17 | 000,149,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1356193371.bdinstall.bin
[2012/08/15 09:14:14 | 000,102,285 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2012/08/15 09:14:13 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2012/07/22 05:35:27 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Andrew Conkling\Application Datauser_gensett.xml
[2012/07/21 09:06:58 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Andrew Conkling\Application Dataprivacy.xml
[2012/07/07 16:18:36 | 000,177,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341698476.bdinstall.bin
[2010/04/07 18:37:48 | 000,038,480 | ---- | C] () -- C:\Documents and Settings\Andrew Conkling\Application Data\Comma Separated Values (Windows).ADR
[2009/12/11 16:06:42 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Andrew Conkling\Application Data\PnkBstrK.sys
[2009/09/27 09:28:58 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Andrew Conkling\Local Settings\Application Data\fusioncache.dat
[2009/03/16 08:05:20 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Andrew Conkling\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/03 16:10:40 | 010,747,904 | -H-- | C] () -- C:\Documents and Settings\Andrew Conkling\NTUSER.bak
[2009/03/03 16:10:40 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Andrew Conkling\NTUSER.BK1
[2005/01/28 17:57:50 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== ZeroAccess Check ==========

[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/07 16:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/12/22 10:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Defender Pro
[2011/09/05 11:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2010/04/13 14:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010/01/16 05:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/01/16 21:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/01/18 16:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/01/28 18:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/08 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\Avanquest
[2012/07/07 16:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\BitDefender
[2012/08/30 13:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\com.amazon.music.uploader
[2012/07/07 16:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\Defender Pro
[2010/06/29 17:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\ElevatedDiagnostics
[2010/04/15 14:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\f-secure
[2009/08/13 14:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2010/06/22 16:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\GARMIN
[2010/06/01 13:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\HorizonWimba
[2012/11/25 17:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\IDM
[2010/05/08 16:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\Image Zone Express
[2010/03/04 20:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\My Games
[2012/07/05 15:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\Oracle
[2012/07/07 16:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\QuickScan
[2010/06/07 10:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\Thunderbird
[2009/08/02 12:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew Conkling\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\WINDOWS\WindowsUpdate.log:BDU
@Alternate Data Stream - 16 bytes -> C:\WINDOWS\Sti_Trace.log:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Andrew Conkling\Desktop\OTL.exe:BDU
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v

Ron
  • 0

#3
conkling79

conkling79

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thank you for your help here are the files you requested.

Andrew



Summary
Operating System
Microsoft Windows XP Home Edition 32-bit SP3
CPU
Intel Celeron M 350
Dothan 90nm Technology
RAM
1.00 GB Single-Channel DDR @ 166MHz (2.5-3-3-7)
Motherboard
Dell Inc. 0C8862 (Microprocessor) 61 °C
Graphics
Plug and Play Monitor (1024x768@60Hz)
Mobile Intel 915GM/GMS,910GML Express Chipset Family
Mobile Intel 915GM/GMS,910GML Express Chipset Family
Hard Drives
27.9GB FUJITSU MHT2030AT (PATA) 43 °C
Optical Drives
PHILIPS CDRW/DVD CDD5263
Audio
SigmaTel C-Major Audio
Operating System
Microsoft Windows XP Home Edition 32-bit SP3
Computer type: Portable
Installation Date : 3/3/2009 4:09:54 PM
Serial Number:
Windows Security Center
Windows Update
AutoUpdate Not configured
Firewall
Firewall Enabled
Company Name Defender Pro
Display Name Defender Pro Firewall
Product Version 15.0.27.312
Antivirus
Antivirus Enabled
Company Name Defender Pro
Display Name Defender Pro Antivirus
Product Version 15.0.27.312
Virus Signature Database Up to date
.NET Frameworks installed
v3.5 SP1
v3.0 SP2
v2.0 SP2
Internet Explorer
Version 8.0.6001.18702
PowerShell
Version 1.0
Java
Java Runtime Environment
Path C:\Program Files\Java\jre7\bin\java.exe
Version 7.0
Update 5
Build 05
Environment Variables
USERPROFILE C:\Documents and Settings\Andrew Conkling
SystemRoot C:\WINDOWS
User Variables
TEMP C:\Documents and Settings\Andrew Conkling\Local Settings\Temp
TMP C:\Documents and Settings\Andrew Conkling\Local Settings\Temp
Machine Variables
ComSpec C:\WINDOWS\system32\cmd.exe
Path C:\WINDOWS\system32
C:\WINDOWS
C:\WINDOWS\system32\wbem
C:\Program Files\Common Files\Sonic Shared
C:\WINDOWS\system32\WindowsPowerShell\v1.0
windir C:\WINDOWS
FP_NO_HOST_CHECK NO
OS Windows_NT
PROCESSOR_ARCHITECTURE x86
PROCESSOR_LEVEL 6
PROCESSOR_IDENTIFIER x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_REVISION 0d08
NUMBER_OF_PROCESSORS 1
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
TEMP C:\WINDOWS\TEMP
TMP C:\WINDOWS\TEMP
Battery
AC Line Online
Battery Charge % 100 %
Battery State High
Remaining Battery Time Unknown
Power Profile
Active power scheme Always Plugged In (QuickSet)
Hibernation Disabled
Turn Off Monitor after: (On AC Power) Never
Turn Off Monitor after: (On Battery Power) 10 min
Turn Off Hard Disk after: (On AC Power) Never
Turn Off Hard Disk after: (On Battery Power) 30 min
Suspend after: (On AC Power) Never
Suspend after: (On Battery Power) Never
Screen saver Disabled
Uptime
Current Session
Current Time 1/31/2013 1:06:56 AM
Current Uptime 603 sec (0 d, 00 h, 10 m, 03 s)
Last Boot Time 1/31/2013 12:56:53 AM
TimeZone
TimeZone GMT -6:00 Hours
Language English (United States)
Location United States
Format English (United States)
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Process List
adobearm.exe
Process ID 3852
User Andrew Conkling
Domain NOTEBOOK
Path C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Memory Usage 16 MB
Peak Memory Usage 18 MB
alg.exe
Process ID 2368
Path C:\WINDOWS\System32\alg.exe
Memory Usage 4.19 MB
Peak Memory Usage 4.20 MB
bcmwltry.exe
Process ID 1160
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\bcmwltry.exe
Memory Usage 8.71 MB
Peak Memory Usage 8.73 MB
bdagent.exe
Process ID 3896
User Andrew Conkling
Domain NOTEBOOK
Path C:\Program Files\Defender Pro\Defender Pro\bdagent.exe
Memory Usage 1.33 MB
Peak Memory Usage 21 MB
csrss.exe
Process ID 1048
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\csrss.exe
Memory Usage 3.63 MB
Peak Memory Usage 3.65 MB
dlg.exe
Process ID 4028
User Andrew Conkling
Domain NOTEBOOK
Path C:\Program Files\Digital Line Detect\DLG.exe
Memory Usage 3.93 MB
Peak Memory Usage 3.93 MB
dmxlauncher.exe
Process ID 3416
User Andrew Conkling
Domain NOTEBOOK
Path C:\Program Files\Dell\Media Experience\DMXLauncher.exe
Memory Usage 3.18 MB
Peak Memory Usage 3.18 MB
downloader.exe
Process ID 768
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Defender Pro\Defender Pro\downloader.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
dvdlauncher.exe
Process ID 3196
User Andrew Conkling
Domain NOTEBOOK
Path C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
Memory Usage 3.57 MB
Peak Memory Usage 3.58 MB
explorer.exe
Process ID 632
User Andrew Conkling
Domain NOTEBOOK
Path C:\WINDOWS\Explorer.EXE
Memory Usage 30 MB
Peak Memory Usage 30 MB
hkcmd.exe
Process ID 3612
User Andrew Conkling
Domain NOTEBOOK
Path C:\WINDOWS\system32\hkcmd.exe
Memory Usage 3.53 MB
Peak Memory Usage 3.54 MB
igfxpers.exe
Process ID 3680
User Andrew Conkling
Domain NOTEBOOK
Path C:\WINDOWS\system32\igfxpers.exe
Memory Usage 3.62 MB
Peak Memory Usage 3.63 MB
lsass.exe
Process ID 1128
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\lsass.exe
Memory Usage 6.37 MB
Peak Memory Usage 6.38 MB
nicconfigsvc.exe
Process ID 756
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
Memory Usage 5.18 MB
Peak Memory Usage 5.18 MB
pchooklaunch32.exe
Process ID 4064
User Andrew Conkling
Domain NOTEBOOK
Path C:\Program Files\Defender Pro\Defender Pro\pchooklaunch32.exe
Memory Usage 2.19 MB
Peak Memory Usage 2.19 MB
pnkbstra.exe
Process ID 1488
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\PnkBstrA.exe
Memory Usage 3.13 MB
Peak Memory Usage 3.13 MB
pnkbstrb.exe
Process ID 1520
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\PnkBstrB.exe
Memory Usage 4.19 MB
Peak Memory Usage 4.19 MB
quickset.exe
Process ID 3400
User Andrew Conkling
Domain NOTEBOOK
Path C:\Program Files\Dell\QuickSet\quickset.exe
Memory Usage 7.03 MB
Peak Memory Usage 7.05 MB
reader_sl.exe
Process ID 3728
User Andrew Conkling
Domain NOTEBOOK
Path C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Memory Usage 2.91 MB
Peak Memory Usage 2.91 MB
safeboxservice.exe
Process ID 1424
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Defender Pro\Defender Pro SafeBox\safeboxservice.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
services.exe
Process ID 1116
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\services.exe
Memory Usage 3.52 MB
Peak Memory Usage 3.61 MB
smss.exe
Process ID 1000
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 432KB
Peak Memory Usage 716KB
speccy.exe
Process ID 2548
User Andrew Conkling
Domain NOTEBOOK
Path C:\Program Files\Speccy\Speccy.exe
Memory Usage 18 MB
Peak Memory Usage 40 MB
spoolsv.exe
Process ID 364
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\spoolsv.exe
Memory Usage 6.28 MB
Peak Memory Usage 6.29 MB
svchost.exe
Process ID 328
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 3.54 MB
Peak Memory Usage 3.61 MB
svchost.exe
Process ID 2324
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 4.06 MB
Peak Memory Usage 4.07 MB
svchost.exe
Process ID 3112
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.40 MB
Peak Memory Usage 4.56 MB
svchost.exe
Process ID 1336
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.95 MB
Peak Memory Usage 5.00 MB
svchost.exe
Process ID 1448
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.38 MB
Peak Memory Usage 4.38 MB
svchost.exe
Process ID 1572
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 97 MB
Peak Memory Usage 117MB
svchost.exe
Process ID 1092
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 5.10 MB
Peak Memory Usage 5.10 MB
svchost.exe
Process ID 1608
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 3.33 MB
Peak Memory Usage 3.34 MB
svchost.exe
Process ID 524
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.41 MB
Peak Memory Usage 4.43 MB
svchost.exe
Process ID 580
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 3.52 MB
Peak Memory Usage 3.52 MB
svchost.exe
Process ID 1384
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 3.49 MB
Peak Memory Usage 3.49 MB
syntpenh.exe
Process ID 3100
User Andrew Conkling
Domain NOTEBOOK
Path C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Memory Usage 5.09 MB
Peak Memory Usage 5.11 MB
syntplpr.exe
Process ID 2968
User Andrew Conkling
Domain NOTEBOOK
Path C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Memory Usage 3.32 MB
Peak Memory Usage 3.38 MB
system
Process ID 4
Memory Usage 252KB
Peak Memory Usage 2.03 MB
system idle process
Process ID 0
updatesrv.exe
Process ID 1312
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Defender Pro\Defender Pro\updatesrv.exe
Memory Usage 11 MB
Peak Memory Usage 11 MB
vsserv.exe
Process ID 1296
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Defender Pro\Defender Pro\vsserv.exe
Memory Usage 12 MB
Peak Memory Usage 145MB
winlogon.exe
Process ID 1072
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\winlogon.exe
Memory Usage 3.40 MB
Peak Memory Usage 14 MB
wltray.exe
Process ID 3556
User Andrew Conkling
Domain NOTEBOOK
Path C:\WINDOWS\system32\wltray.exe
Memory Usage 5.57 MB
Peak Memory Usage 5.66 MB
wltrysvc.exe
Process ID 1640
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\wltrysvc.exe
Memory Usage 2.19 MB
Peak Memory Usage 2.19 MB
wmiprvse.exe
Process ID 2896
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 5.86 MB
Peak Memory Usage 5.96 MB
wmiprvse.exe
Process ID 3388
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 7.48 MB
Peak Memory Usage 7.88 MB
wscntfy.exe
Process ID 4020
User Andrew Conkling
Domain NOTEBOOK
Path C:\WINDOWS\system32\wscntfy.exe
Memory Usage 3.04 MB
Peak Memory Usage 3.04 MB
wuauclt.exe
Process ID 2144
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wuauclt.exe
Memory Usage 29 MB
Peak Memory Usage 115MB
yahooauservice.exe
Process ID 1548
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
Memory Usage 5.14 MB
Peak Memory Usage 5.14 MB
Scheduler
1/31/2013 1:15 AM;Every 1 hour(s) from 12:15 AM for 24 hour(s) every day, starting 1/1/2000 Adobe Flash Player Updater
Hotfixes
1/16/2013 Security Update for Internet Explorer 8 for Windows XP (KB2799329)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
1/9/2013 Security Update for Microsoft Office 2007 suites (KB2687499)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
1/9/2013 Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2736416)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected application to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
1/9/2013 Security Update for Windows XP (KB2757638)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/9/2013 Windows Malicious Software Removal Tool - January 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
1/3/2013 Update for Windows XP and Windows Server 2003 (KB2798897)
Install this update to resolve an issue which requires an update
to the untrusted certificate store on Windows systems and to
keep your systems up to date. After you install this update,
you may have to restart your system.
12/4/2012 Cumulative Security Update for ActiveX Killbits for Windows XP (KB2618451)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
System Folders
Path for burning CD C:\Documents and Settings\Andrew Conkling\Local Settings\Application Data\Microsoft\CD Burning
Application Data C:\Documents and Settings\All Users\Application Data
Public Desktop C:\Documents and Settings\All Users\Desktop
Documents C:\Documents and Settings\All Users\Documents
Global Favorites C:\Documents and Settings\All Users\Favorites
Music C:\Documents and Settings\All Users\Documents\My Music
Pictures C:\Documents and Settings\All Users\Documents\My Pictures
Start Menu Programs C:\Documents and Settings\All Users\Start Menu\Programs
Start Menu C:\Documents and Settings\All Users\Start Menu
Startup C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Templates C:\Documents and Settings\All Users\Templates
Cookies C:\Documents and Settings\Andrew Conkling\Cookies
Desktop C:\Documents and Settings\Andrew Conkling\Desktop
Physical Desktop C:\Documents and Settings\Andrew Conkling\Desktop
User Favorites C:\Documents and Settings\Andrew Conkling\Favorites
Fonts C:\WINDOWS\Fonts
Internet History C:\Documents and Settings\Andrew Conkling\Local Settings\History
Temporary Internet Files C:\Documents and Settings\Andrew Conkling\AppData\Local\Microsoft\Windows\Temporary Internet Files
Local Application Data C:\Documents and Settings\Andrew Conkling\Local Settings\Application Data
Windows Directory C:\WINDOWS
Windows/System C:\WINDOWS\system32
Program Files C:\Program Files
Services
Running Application Layer Gateway Service
Running Automatic Updates
Running Background Intelligent Transfer Service
Running Broadcom Wireless LAN Tray Service
Running COM+ Event System
Running CryptSvc
Running DCOM Server Process Launcher
Running Defender Pro Desktop Update Service
Running Defender Pro Virus Shield
Running DHCP Client
Running Distributed Link Tracking Client
Running DNS Client
Running Event Log
Running Help and Support
Running HTTP SSL
Running IPSEC Services
Running Net Driver HPZ12
Running Network Connections
Running NICCONFIGSVC
Running Plug and Play
Running Pml Driver HPZ12
Running PnkBstrA
Running PnkBstrB
Running Print Spooler
Running Protected Storage
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running SafeBox
Running Secondary Logon
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery Service
Running System Event Notification
Running System Restore Service
Running Task Scheduler
Running Telephony
Running Terminal Services
Running Themes
Running WebClient
Running Windows Audio
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Time
Running Workstation
Running Yahoo! Updater
Stopped .NET Runtime Optimization Service v2.0.50727_X86
Stopped Adobe Flash Player Update Service
Stopped Alerter
Stopped Application Management
Stopped ASP.NET State Service
Stopped ClipBook
Stopped COM+ System Application
Stopped Computer Browser
Stopped Distributed Transaction Coordinator
Stopped Error Reporting Service
Stopped Extensible Authentication Protocol Service
Stopped Fast User Switching Compatibility
Stopped Health Key and Certificate Management Service
Stopped Human Interface Device Access
Stopped IMAPI CD-Burning COM Service
Stopped Indexing Service
Stopped Intel NCS NetService
Stopped Logical Disk Manager
Stopped Logical Disk Manager Administrative Service
Stopped Messenger
Stopped Microsoft Office Diagnostics Service
Stopped Mozilla Maintenance Service
Stopped MS Software Shadow Copy Provider
Stopped Net Logon
Stopped Net.Tcp Port Sharing Service
Stopped NetMeeting Remote Desktop Sharing
Stopped Network Access Protection Agent
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Network Location Awareness (NLA)
Stopped Network Provisioning Service
Stopped NT LM Security Support Provider
Stopped Office Source Engine
Stopped Performance Logs and Alerts
Stopped Portable Media Serial Number Service
Stopped QoS RSVP
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Remote Procedure Call (RPC) Locator
Stopped Removable Storage
Stopped Routing and Remote Access
Stopped Smart Card
Stopped TCP/IP NetBIOS Helper
Stopped Uninterruptible Power Supply
Stopped Universal Plug and Play Device Host
Stopped Volume Shadow Copy
Stopped Windows CardSpace
Stopped Windows Installer
Stopped Windows Media Player Network Sharing Service
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Presentation Foundation Font Cache 4.0.0.0
Stopped Wired AutoConfig
Stopped Wireless Zero Configuration
Stopped WMI Performance Adapter
Security Options
@wsecedit.dll,-432 Enabled
@wsecedit.dll,-433 Enabled
@wsecedit.dll,-63 Disabled
@wsecedit.dll,-65 Administrator
@wsecedit.dll,-67 Guest
Accounts: Limit local account use of blank passwords to console logon only Enabled
Audit: Audit the access of global system objects Disabled
Audit: Audit the use of Backup and Restore privilege Disabled
Audit: Shut down system immediately if unable to log security audits Disabled
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Undefined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Undefined
Devices: Allow undock without having to log on Enabled
Devices: Allowed to format and eject removable media Administrators
Devices: Prevent users from installing printer drivers Disabled
Devices: Restrict CD-ROM access to locally logged-on user only Disabled
Devices: Restrict floppy access to locally logged-on user only Disabled
Devices: Unsigned driver installation behavior Warn but allow installation
Domain controller: Allow server operators to schedule tasks Undefined
Domain controller: LDAP server signing requirements Undefined
Domain controller: Refuse machine account password changes Undefined
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Domain member: Digitally encrypt secure channel data (when possible) Enabled
Domain member: Digitally sign secure channel data (when possible) Enabled
Domain member: Disable machine account password changes Disabled
Domain member: Maximum machine account password age 30 days
Domain member: Require strong (Windows 2000 or later) session key Disabled
Interactive logon: Display user information when the session is locked Undefined
Interactive logon: Do not display last user name Disabled
Interactive logon: Do not require CTRL+ALT+DEL Undefined
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons
Interactive logon: Prompt user to change password before expiration 14 days
Interactive logon: Require Domain Controller authentication to unlock workstation Disabled
Interactive logon: Require smart card Undefined
Interactive logon: Smart card removal behavior No Action
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft network server: Amount of idle time required before suspending session 15 minutes
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Disabled
Microsoft network server: Disconnect clients when logon hours expire Enabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled
Network access: Do not allow storage of credentials or .NET Passports for network authentication Disabled
Network access: Let Everyone permissions apply to anonymous users Disabled
Network access: Named Pipes that can be accessed anonymously COMNAP,COMNODE,SQL\QUERY,SPOOLSS,LLSRPC,browser
Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Control\Server Applications,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
Network access: Shares that can be accessed anonymously COMCFG,DFS$
Network access: Sharing and security model for local accounts Guest only - local users authenticate as Guest
Network security: Do not store LAN Manager hash value on next password change Disabled
Network security: LAN Manager authentication level Send LM & NTLM responses
Network security: LDAP client signing requirements Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients No minimum
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers No minimum
Recovery console: Allow automatic administrative logon Enabled
Recovery console: Allow floppy copy and access to all drives and all folders Enabled
Shutdown: Allow system to be shut down without having to log on Enabled
Shutdown: Clear virtual memory pagefile Disabled
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled
System objects: Default owner for objects created by members of the Administrators group Object creator
System objects: Require case insensitivity for non-Windows subsystems Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled
Device Tree
ACPI Uniprocessor PC
Microsoft ACPI-Compliant System
Intel Celeron M processor 1.30GHz
ACPI Thermal Zone
Microsoft AC Adapter
Microsoft ACPI-Compliant Control Method Battery
ACPI Lid
ACPI Power Button
ACPI Sleep Button
System board
PCI bus
Mobile Intel 915GM/PM/GMS/910GML Express Processor to DRAM Controller - 2590
SigmaTel C-Major Audio
Conexant D110 MDC V.9x Modem
Intel 82801FB/FBM SMBus Controller - 266A
System board
System board
System board
Mobile Intel® 915GM/GMS,910GML Express Chipset Family
Plug and Play Monitor
Plug and Play Monitor
Mobile Intel® 915GM/GMS,910GML Express Chipset Family
Plug and Play Monitor
Intel® 82801FB/FBM USB Universal Host Controller - 2658
USB Root Hub
Intel® 82801FB/FBM USB Universal Host Controller - 2659
USB Root Hub
Intel® 82801FB/FBM USB Universal Host Controller - 265A
USB Root Hub
Intel® 82801FB/FBM USB Universal Host Controller - 265B
USB Root Hub
Intel® 82801FB/FBM USB2 Enhanced Host Controller - 265C
USB Root Hub
Intel® 82801 PCI Bridge - 2448
Intel PRO/100 VE Network Connection
Texas Instruments PCI-1510 CardBus Controller
Belkin 802.11g Network Adapter
Intel® 82801FBM LPC Interface Controller - 2641
ISAPNP Read Data Port
Synaptics PS/2 Port Pointing Device
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
System CMOS/real time clock
System timer
System speaker
System board
Programmable interrupt controller
Direct memory access controller
Numeric data processor
Intel® 82801FB/FBM Ultra ATA Storage Controllers - 266F
Primary IDE Channel
FUJITSU MHT2030AT
PHILIPS CDRW/DVD CDD5263
CPU
Intel Celeron M 350
Cores 1
Threads 1
Name Intel Celeron M 350
Code Name Dothan
Package Socket 479 mPGA
Technology 90nm
Specification Intel Celeron M processor 1.30GHz
Family 6
Extended Family 6
Model D
Extended Model D
Stepping 8
Revision C0
Instructions MMX, SSE, SSE2
Virtualization Not supported
Hyperthreading Not supported
Bus Speed 99.8 MHz
Rated Bus Speed 399.2 MHz
Stock Core Speed 1300 MHz
Caches
L1 Data Cache Size 32 KBytes
L1 Instructions Cache Size 32 KBytes
L2 Unified Cache Size 1024 KBytes
Core 0
Core Speed 1297.4 MHz
Multiplier x 13.0
Bus Speed 99.8 MHz
Rated Bus Speed 399.2 MHz
Thread 1
APIC ID 0
RAM
Memory slots
Total memory slots 2
Used memory slots 2
Free memory slots 0
Memory
Type DDR
Size 1272 MBytes
Channels # Single
DRAM Frequency 166.3 MHz
CAS# Latency (CL) 2.5 clocks
RAS# to CAS# Delay (tRCD) 3 clocks
RAS# Precharge (tRP) 3 clocks
Cycle Time (tRAS) 7 clocks
Physical Memory
Memory Usage 45 %
Total Physical 1.24 GB
Available Physical 686MB
Total Virtual 2.34 GB
Available Virtual 1.82 GB
SPD
Number Of SPD Modules 1
Slot #1
Type DDR
Size 1024 MBytes
Manufacturer MOSEL
Max Bandwidth PC2700 (166 MHz)
Part Number V826765G24SAJW-C0
Serial Number E7100500
Week/year 73 / 07
SPD Ext. EPP
JEDEC #2
Frequency 166.7 MHz
CAS# Latency 2.5
RAS# To CAS# 4
RAS# Precharge 4
tRAS 8
Voltage 2.500 V
JEDEC #1
Frequency 133.3 MHz
CAS# Latency 2.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 6
Voltage 2.500 V
Motherboard
Manufacturer Dell Inc.
Model 0C8862 (Microprocessor)
Chipset Vendor Intel
Chipset Model i915GMS/i910GML
Chipset Revision 03
Southbridge Vendor Intel
Southbridge Model 82801FBM (ICH6-M)
Southbridge Revision 03
System Temperature 61 °C
BIOS
Brand Dell Inc.
Version A03
Date 3/31/2005
PCI Data
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage Available
Bus Width 32 bit
Slot Designation PCMCIA 0
Slot Number 0
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation MiniPCI
Slot Number 1
Graphics
Monitor
Name Plug and Play Monitor on Mobile Intel 915GM/GMS,910GML Express Chipset Family
Current Resolution 1024x768 pixels
Work Resolution 1024x734 pixels
State enabled, primary, output devices support
Monitor Width 1024
Monitor Height 768
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
Mobile Intel® 915GM/GMS,910GML Express Chipset Family
Memory 96 MB
Driver version 6.14.10.4609
Mobile Intel® 915GM/GMS,910GML Express Chipset Family
Memory 96 MB
Driver version 6.14.10.4609
OpenGL
Version 1.4.0 - Build 4.14.10.4609
Vendor Intel
Renderer Intel 915GM
GLU Version 1.2.2.0 Microsoft Corporation
Values
GL_MAX_LIGHTS 16
GL_MAX_TEXTURE_SIZE 2048
GL_MAX_TEXTURE_STACK_DEPTH 10
GL Extensions
GL_ARB_depth_texture
GL_ARB_fragment_program
GL_ARB_multitexture
GL_ARB_point_parameters
GL_ARB_shadow
GL_ARB_texture_border_clamp
GL_ARB_texture_compression
GL_ARB_texture_cube_map
GL_ARB_texture_env_add
GL_ARB_texture_env_combine
GL_ARB_texture_env_dot3
GL_ARB_texture_env_crossbar
GL_ARB_transpose_matrix
GL_ARB_vertex_buffer_object
GL_ARB_vertex_program
GL_ARB_window_pos
GL_EXT_abgr
GL_EXT_bgra
GL_EXT_blend_color
GL_EXT_blend_func_separate
GL_EXT_blend_minmax
GL_EXT_blend_subtract
GL_EXT_clip_volume_hint
GL_EXT_compiled_vertex_array
GL_EXT_cull_vertex
GL_EXT_draw_range_elements
GL_EXT_fog_coord
GL_EXT_multi_draw_arrays
GL_EXT_packed_pixels
GL_EXT_rescale_normal
GL_EXT_secondary_color
GL_EXT_separate_specular_color
GL_EXT_shadow_funcs
GL_EXT_stencil_two_side
GL_EXT_stencil_wrap
GL_EXT_texture_compression_s3tc
GL_EXT_texture_env_add
GL_EXT_texture_env_combine
GL_EXT_texture_filter_anisotropic
GL_EXT_texture3D
GL_3DFX_texture_compression_FXT1
GL_IBM_texture_mirrored_repeat
GL_NV_blend_square
GL_NV_texgen_reflection
GL_SGIS_generate_mipmap
GL_WIN_swap_hint
GL_EXT_bgra
Hard Drives
FUJITSU MHT2030AT
Manufacturer Unknown manufacturer
Heads 16
Cylinders 16,383
Device type Fixed
ATA Standard ATA/ATAPI-6
Serial Number NN15T5525FJ0
LBA Size 28bit LBA
Power On Count 3056 times
Power On Time 6580058.5 days
Features S.M.A.R.T., APM, AAM
Transfer Mode Ultra DMA/100
Interface PATA
Capacity 27.9GB
Real size 30,005,821,440 bytes
RAID Type None
S.M.A.R.T
01 Read Error Rate 100 (100 worst) Data 0000039459
02 Throughput Performance 100 (100) Data 0000C90000
03 Spin-Up Time 100 (100) Data 0000000000
04 Start/Stop Count 099 (099) Data 0000000BFA
05 Reallocated Sectors Count 100 (100) Data 0000000000
07 Seek Error Rate 100 (100) Data 0000000DBC
08 Seek Time Performance 100 (100) Data 0000000000
09 Power-On Hours (POH) 013 (013) Data 000969B07B
0A Spin Retry Count 100 (100) Data 0000000000
0C Device Power Cycle Count 100 (100) Data 0000000BF0
C0 Power-off Retract Count 100 (100) Data 0000000005
C1 Load/Unload Cycle Count 045 (045) Data 0000087C30
C2 Temperature 100 (100) Data 00000D002C
C3 Hardware ECC Recovered 100 (100) Data 00000003D4
C4 Reallocation Event Count 100 (100) Data 0010E50000
C5 Current Pending Sector Count 100 (100) Data 0000000000
C6 Uncorrectable Sector Count 100 (100) Data 0000000001
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
C8 Write Error Rate / Multi-Zone Error Rate 100 (100) Data 00000042DB
Temperature 43 °C
Temperature Range ok (less than 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Size 15.6 MB
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter C:
File System NTFS
Volume Serial Number FCC326D5
Size 25.0GB
Used Space 22.0GB (88%)
Free Space 3.06GB (12%)
Partition 2
Partition ID Disk #0, Partition #2
Size 2.87 GB
Optical Drives
PHILIPS CDRW/DVD CDD5263
Media Type CD-ROM
Name PHILIPS CDRW/DVD CDD5263
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 0
SCSI Target Id 1
Status OK
Audio
Sound Card
SigmaTel C-Major Audio
Playback Device
SigmaTel C-Major Audio
Recording Device
SigmaTel C-Major Audio
Speaker Configuration
Speaker Configuration
Speaker type Stereo
Peripherals
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device Kind Keyboard
Device Name Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Vendor (Standard keyboards)
Location plugged into keyboard port
Driver
Date 7-1-2001
Version 5.1.2600.2180
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Synaptics PS/2 Port Pointing Device
Device Kind Mouse
Device Name Synaptics PS/2 Port Pointing Device
Vendor Synaptics
Location plugged into PS/2 mouse port
Driver
Date 5-14-2004
Version 7.10.11.0
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
File C:\WINDOWS\system32\DRIVERS\SynTP.sys
File C:\WINDOWS\system32\SynTPAPI.dll
File C:\WINDOWS\system32\SynTPFcs.dll
File C:\WINDOWS\system32\SynCOM.dll
File C:\WINDOWS\system32\SynCtrl.dll
File C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
File C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
File C:\Program Files\Synaptics\SynTP\SynCntxt.rtf
File C:\Program Files\Synaptics\SynTP\SynZMetr.exe
File C:\Program Files\Synaptics\SynTP\SynMood.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.ini
File C:\Program Files\Synaptics\SynTP\SynTPCOM.dll
File C:\Program Files\Synaptics\SynTP\Tutorial.exe
File C:\Program Files\Synaptics\SynTP\InstNT.exe
File C:\Program Files\Synaptics\SynTP\SynISDLL.dll
File C:\Program Files\Synaptics\SynTP\SynUnst.ini
File C:\WINDOWS\system32\SynTPCoI.dll
Hewlett Packard PhotoSmart C20 Digital Camera
Device Kind Camera/scanner
Device Name Hewlett Packard PhotoSmart C20 Digital Camera
Vendor Hewlett Packard
Comment Hewlett Packard PhotoSmart C20 Digital Camera
Driver
Date 7-1-2001
Version 5.1.2600.0
File C:\WINDOWS\system32\kousd.dll
File C:\WINDOWS\system32\fnfilter.dll
File C:\WINDOWS\system32\drivers\serscan.sys
Printers
HP PSC 1400 series (Default Printer)
Printer Port USB001
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 4294967293 dpi Color
Status Unknown
Driver
Driver Name HP PSC 1400 series (v0.21)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku12.dll
Microsoft XPS Document Writer
Share Name Printer2
Printer Port XPSPort:
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer (v6.00)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Network
You are not connected to the internet
Computer Name
NetBIOS Name NOTEBOOK
DNS Name NOTEBOOK
Membership Part of workgroup
Workgroup HOME
Remote Desktop
Disabled
Console
State Active
Domain NOTEBOOK
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Wi-Fi not enabled
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout (ms) 60,000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout (ms) 30,000
IEProxy Auto Detect Yes
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
File and printer sharing service Enabled
Simple File Sharing Enabled
Administrative Shares Enabled
Network access: Sharing and security model for local accounts Guest only - local users authenticate as Guest
Adapters List
Belkin 802.11g Network Adapter - Packet Scheduler Miniport
IP Address 192.168.1.105
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Network Shares
SharedDocs C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS
Printer2 Microsoft XPS Document Writer,LocalsplOnly


Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 98.44 0 K 28 K
bdagent.exe 2644 1.56 17,548 K 1,288 K Defender Pro Agent Defender Pro (Verified) BitDefender SRL
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
YahooAUService.exe 3300 6,028 K 7,860 K AutoUpater Service Module Yahoo! Inc. (Verified) Yahoo! Inc.
wltrysvc.exe 448 1,248 K 2,240 K (Unable to verify) (null)
wltray.exe 2428 2,108 K 5,740 K Belkin 802.11 Network Adapter Wireless Network Tray Applet Belkin Corporation (Unable to verify) Belkin Corporation
winlogon.exe 1092 5,816 K 3,656 K Windows NT Logon Application Microsoft Corporation (Unable to verify) Microsoft Corporation
vsserv.exe 1308 206,888 K 19,012 K Defender Pro Security Service Defender Pro (Verified) BitDefender SRL
updatesrv.exe 1636 7,580 K 11,520 K Defender Pro Update Service Defender Pro (Verified) BitDefender SRL
System 4 0 K 252 K
SynTPLpr.exe 2244 1,784 K 3,396 K TouchPad Driver Helper Application Synaptics, Inc. (Unable to verify) Synaptics, Inc.
SynTPEnh.exe 2292 2,524 K 5,444 K Synaptics TouchPad Enhancements Synaptics, Inc. (Unable to verify) Synaptics, Inc.
svchost.exe 1352 3,052 K 5,024 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 1780 29,604 K 40,764 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 1900 2,392 K 3,412 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 224 3,832 K 5,940 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 776 2,216 K 4,468 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 984 1,920 K 3,608 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1316 1,904 K 3,572 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2044 2,860 K 5,216 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 460 2,448 K 4,164 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 2308 3,372 K 5,248 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
smss.exe 1012 172 K 432 K Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
services.exe 1136 1,752 K 3,644 K Services and Controller app Microsoft Corporation (Unable to verify) Microsoft Corporation
safeboxservice.exe 1596 16,932 K 13,496 K SafeBox Service Defender Pro (Verified) BitDefender SRL
quickset.exe 2380 2,608 K 6,024 K QuickSet MFC Application (Unable to verify)
procexp.exe 820 23,044 K 28,140 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PnkBstrB.exe 1384 3,756 K 4,288 K (Verified) Even Balance
PnkBstrA.exe 1372 2,628 K 3,200 K (Verified) Even Balance
pchooklaunch32.exe 2700 692 K 2,292 K Defender Pro (Verified) BitDefender SRL
NicConfigSvc.exe 996 1,836 K 3,960 K Internal Network Card Power Management Service Dell Inc. (Unable to verify) Dell Inc.
lsass.exe 1148 2,516 K 1,856 K LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Component Publisher
igfxpers.exe 2512 1,688 K 3,700 K persistence Module Intel Corporation (Unable to verify) Intel Corporation
hkcmd.exe 2480 1,692 K 3,604 K hkcmd Module Intel Corporation (Unable to verify) Intel Corporation
firefox.exe 3608 249,804 K 253,916 K Firefox Mozilla Corporation (Verified) Mozilla Corporation
explorer.exe 656 26,456 K 36,144 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
DVDLauncher.exe 2364 1,584 K 3,732 K CyberLink PowerCinema Resident Program CyberLink Corp. (Unable to verify) CyberLink Corp.
downloader.exe 2084 8,480 K 10,908 K Defender Pro Update Downloader Defender Pro (Verified) BitDefender SRL
DMXLauncher.exe 2400 1,648 K 3,244 K (Unable to verify) (null)
DLG.exe 2708 2,512 K 4,044 K Digital Line Detection BVRP Software (Unable to verify) BVRP Software
csrss.exe 1060 1,744 K 4,032 K Client Server Runtime Process Microsoft Corporation (Unable to verify) Microsoft Corporation
bcmwltry.exe 672 4,416 K 9,080 K Belkin 802.11 Network Adapter Wireless Network Controller Belkin Corporation (Unable to verify) Belkin Corporation



Vino's Event Viewer v01c run on Windows XP in English
Report run at 31/01/2013 1:13:37 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/01/2013 1:01:45 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {F681ABD0-41DE-46C8-9ED3-D0F4EBA19111} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows XP in English
Report run at 31/01/2013 1:16:09 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 31/01/2013 12:56:16 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user NOTEBOOK\Andrew Conkling registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.


Posted Image
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
It's running a bit hot. System Temperature 61 °C If it gets much hotter the CPU should start to slow things down to protect itself.

Uninstall Speccy.

Get Speedfan: Try speedfan

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.
Also prop up the back of the laptop with a book (don't block the vents). Usually the vents are in the back and heat want to rise so tilting the vents a bit helps. Make sure the vents are not clogged with dust. With Speedfan running have your anti-virus do a scan or watch a movie. Something that takes a lot of CPU time over a long period. Does it get hotter? You may need to open it up and clean the dust from the heatsink. Also some PCs were made with thermal pads between the CPU and the heatsink. These are easier to use than thermal paste but they dry out over time and need to be removed and a thin coating of thermal paste put in its place. Some of them have a heatpipe to transmit the het and these can fail and need replacing. Sometimes a cheap cooler tray that you set the laptop on will keep it cool enough without a major operation.

Otherwise I don't see anything that would make it slow down. If you keep Process Explorer running and you notice the PC slowing down, create a new log like you did before and post that.

You do need to install: User Profile Hive Cleanup Service

http://www.microsoft...ls.aspx?id=6676

That will prevent these errors:

Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user NOTEBOOK\Andrew Conkling registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.


I think the other error is from something called SafeBox.

Log: 'System' Date/Time: 31/01/2013 1:01:45 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {F681ABD0-41DE-46C8-9ED3-D0F4EBA19111} did not register with DCOM within the required timeout.

You do have an old Java installed. We are recommending that you remove all Java programs. There are too many exploits out there right now.

Got to go to bed now. It's after 1 AM here.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP