Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Slow processing CPU

Post by cbooth » April 1st, 2013, 6:26 pm

Hi,

Prior to opening this topic I followed the recommendations for the routine maintenance on computers as advised. However, shortly (2 days) after, the processing power of my laptop is back to a slow drag, whether trying to open a web browser or a native application. I'm wondering whether there is something installed on my laptop - virus or otherwise - that's causing the slow drag that I cannot readily identify.

Here are the DDS logs as follows. Any help would be greatly appreciated:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/17/2006 5:25:03 AM
System Uptime: 4/1/2013 10:09:33 AM (7 hours ago)
.
Motherboard: Hewlett-Packard | | 30A8
Processor: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz | U1 | 1463/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 29 GiB total, 11.029 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.123 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP527: 1/21/2013 6:49:50 PM - Removed Microsoft Works
RP528: 1/21/2013 6:51:08 PM - Removed Microsoft Silverlight
RP529: 1/21/2013 6:53:03 PM - Removed Safari
RP530: 1/21/2013 6:54:51 PM - Configured easy Internet sign-up
RP531: 1/24/2013 7:39:06 PM - Software Distribution Service 3.0
RP532: 1/27/2013 7:12:42 PM - Software Distribution Service 3.0
RP533: 3/4/2013 10:21:15 AM - Software Distribution Service 3.0
RP534: 3/4/2013 10:47:03 AM - Removed HP Help and Support
RP535: 3/4/2013 11:28:09 AM - Removed Costco Photo Organizer
RP536: 3/4/2013 11:29:20 AM - Removed Adobe Reader Chinese Traditional Fonts
RP537: 3/4/2013 11:29:42 AM - Removed Bonjour
RP538: 3/4/2013 11:48:43 AM - Removed Cisco Systems VPN Client 5.0.01.0600
RP539: 3/6/2013 9:23:50 PM - Software Distribution Service 3.0
RP540: 3/7/2013 7:07:38 PM - Software Distribution Service 3.0
RP541: 3/10/2013 10:19:16 PM - Software Distribution Service 3.0
RP542: 3/12/2013 9:01:08 AM - System Checkpoint
RP543: 3/12/2013 2:24:56 PM - Software Distribution Service 3.0
RP544: 3/13/2013 9:16:32 AM - Software Distribution Service 3.0
RP545: 3/13/2013 4:12:14 PM - Software Distribution Service 3.0
RP546: 3/15/2013 4:04:21 PM - Software Distribution Service 3.0
RP547: 3/15/2013 5:01:50 PM - Software Distribution Service 3.0
RP548: 3/15/2013 5:29:34 PM - Installed Java 7 Update 17
RP549: 3/16/2013 6:35:28 PM - Software Distribution Service 3.0
RP550: 3/16/2013 7:36:14 PM - Installed Evernote v. 4.6.3
RP551: 3/18/2013 9:08:58 AM - Software Distribution Service 3.0
RP552: 3/18/2013 11:37:08 AM - Installed Windows XP Service Pack 3.
RP553: 3/18/2013 11:49:17 AM - Installed Windows XP KB946648.
RP554: 3/18/2013 11:50:24 AM - Installed Windows XP KB950762.
RP555: 3/18/2013 11:50:48 AM - Installed Windows XP KB950974.
RP556: 3/18/2013 11:51:10 AM - Installed Windows XP KB951066.
RP557: 3/18/2013 11:51:33 AM - Installed Windows XP KB951376-v2.
RP558: 3/18/2013 11:51:59 AM - Installed Windows XP KB951698.
RP559: 3/18/2013 11:52:23 AM - Installed Windows XP KB951748.
RP560: 3/18/2013 11:52:49 AM - Installed Windows XP KB952287.
RP561: 3/18/2013 11:53:09 AM - Installed Windows XP KB952954.
RP562: 3/18/2013 9:56:29 PM - Software Distribution Service 3.0
RP563: 3/19/2013 4:37:42 PM - Software Distribution Service 3.0
RP564: 3/25/2013 3:16:27 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 7.1.0
Apple Application Support
Apple Software Update
BufferChm
Cisco Systems VPN Client 5.0.01.0600
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
EPSON Printer Software
Evernote v. 4.6.3
FullDPAppQFolder
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP DVD Play 2.1
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.00 E2
HP Update
HP User Guides--System Recovery
HP User Guides 0019
HP Wireless Assistant 2.00 E1
HpSdpAppCoreApp
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 7 Update 17
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 38
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LightScribe 1.4.74.1
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.4
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile Broadband Generic Drivers
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Office 2003 Trial Assistant
OpenOffice.org Installer 1.0
OptionalContentQFolder
PhotoGallery
Quicken 2006
QuickTime
RandMap
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
Smart PDF Creator 5.0.1.343
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TourSetup
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol
WinWay Resume - Express Edition
Wireless Home Network Setup
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
4/1/2013 5:08:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
4/1/2013 5:08:00 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.426.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/1/2013 5:08:00 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.426.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Jennifer Ho at 17:17:45 on 2013-04-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.116 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp:www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
StartupFolder: c:\docume~1\jennif~1\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DB7ABE4F-B001-462A-85D6-08922E85638D} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-31 195296]
S1 MpKsl9b08f1d5;MpKsl9b08f1d5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f526c45e-a038-4e25-8163-0db1f4d680e7}\mpksl9b08f1d5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f526c45e-a038-4e25-8163-0db1f4d680e7}\MpKsl9b08f1d5.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-6-3 174720]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2013-04-01 22:09:00 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{20eb976a-01a4-48ac-bc9b-841575bdcedc}\mpengine.dll
2013-03-25 20:19:41 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-03-20 21:17:43 -------- d-----w- c:\documents and settings\jennifer ho\local settings\application data\Sun
2013-03-18 16:42:21 81920 ------w- c:\windows\system32\ieencode.dll
2013-03-18 16:42:15 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe
2013-03-18 16:42:14 884712 ------w- c:\program files\msn\msncorefiles\install\msn9components\digcore.exe
2013-03-18 16:42:12 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
2013-03-18 16:42:09 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll
2013-03-18 16:42:00 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll
2013-03-18 16:42:00 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll
2013-03-18 16:41:44 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll
2013-03-18 16:36:42 19569 ----a-w- c:\windows\000001_.tmp
2013-03-17 00:37:48 -------- d-----w- c:\documents and settings\jennifer ho\local settings\application data\Evernote
2013-03-17 00:36:20 -------- d-----w- c:\program files\Evernote
2013-03-16 22:02:18 -------- d-----w- c:\documents and settings\jennifer ho\application data\WinPatrol
2013-03-16 21:58:54 -------- d-----w- c:\program files\BillP Studios
2013-03-16 21:58:06 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2013-03-15 22:30:26 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-04 17:47:08 -------- d-----w- c:\windows\14FCFE7CAB86428A9D2EBFB6F5A7AA6E.TMP
2013-03-04 16:12:51 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2013-03-15 22:29:55 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-15 22:29:53 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-15 22:29:53 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 15:06:15 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 15:06:13 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 21:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 17:19:51.77 ===============
cbooth
Regular Member
 
Posts: 28
Joined: October 30th, 2012, 4:23 pm

Re: Slow processing CPU

Post by pgmigg » April 1st, 2013, 6:36 pm

Hello cbooth,

Welcome back to the forum! :)

My nickname is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Slow processing CPU

Unread postby pgmigg » April 2nd, 2013, 1:04 am

Hello cbooth,

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click on CKScanner.exe to run it, then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Double-click on codecheck.exe.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 3.
Please answer a couple of questions:
  1. Is this computer used for business purposes and connected to a business or educational network?
    I need to know it - so I can provide the proper instructions.
  2. Tell me please for what purpose do you use Cisco Systems VPN?

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a log created by CKFiles.txt
  3. Answers to my questions related to the type of use of your computer and the necessity for Cisco VPN.
  4. Contents of the codecheck.txt log file
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Slow processing CPU

Unread postby cbooth » April 2nd, 2013, 6:09 pm

Hi pgmigg,

Thanks for the response. Here are my answers to your questions:

Is this computer used for business purposes and connected to a business or educational network? Only personal use at home using wireless internet of local cable provider.
I need to know it - so I can provide the proper instructions.
Tell me please for what purpose do you use Cisco Systems VPN? No purpose, don't use.

Please include in your next reply:
Do you have any problems executing the instructions? One issue: I could not successfully execute the codecheck until I installed Microsoft .NET framework service pack 2.0, v2.0.50727; otherwise, all good.
Contents of a log created by CKFiles.txt
Answers for my questions related to type of using of your computer and necessity for Cisco VPN.
Contents of the codecheck.txt log file
Do you see any changes in computer behavior? No change really.

----
CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.JFNARN
----- EOF -----

Codecheck Version 1.0

04002
cbooth
Regular Member
 
Posts: 28
Joined: October 30th, 2012, 4:23 pm

Re: Slow processing CPU

Unread postby pgmigg » April 3rd, 2013, 12:46 am

Hello cbooth,
Tell me please for what purpose do you use Cisco Systems VPN? No purpose, don't use.
There is evidence of running Cisco VPN Client file cvpnd.exe (used by Cisco VPN client for making a connection to a remote IPSec server) in the list of running processes from your initial DDS log:
============== Running Processes ================
.
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
If you wrote that there is no purpose to use it - please uninstall Cisco VPN Client as well as many other applications which are out of date:

Step 1.
Remove Program(s)
  1. Click on Start -> Control Panel and double click on Add/Remove Programs.
  2. Locate the following program(s):
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 38
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Windows Internet Explorer 7
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled, please close Add/Remove Programs. Close Control Panel.

Step 2.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file after OTL Scan run
  3. Contents of the Extras.txt log file after OTL Scan run
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Slow processing CPU

Unread postby cbooth » April 3rd, 2013, 1:23 pm

OTL logfile created on: 4/3/2013 12:09:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jennifer Ho\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.05 Mb Total Physical Memory | 199.90 Mb Available Physical Memory | 39.82% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 71.39% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.23 Gb Total Space | 9.26 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 1.12 Gb Free Space | 14.01% Space Free | Partition Type: FAT32

Computer Name: JENNIFERHO | User Name: Jennifer Ho | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/03 12:05:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Ho\Desktop\OTL.exe
PRC - [2013/03/21 17:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/15 17:29:59 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/05 14:41:44 | 000,418,024 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/03/02 10:33:04 | 001,086,816 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/23 23:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/21 17:50:32 | 012,662,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
MOD - [2013/03/21 17:49:38 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/12/23 23:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/15 17:29:59 | 000,170,912 | ---- | M] (Oracle Corporation) [Disabled | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/13 10:06:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2009/06/15 17:21:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/06/03 12:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 12:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/06/03 12:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 12:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/01/31 15:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/04/18 06:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/02 06:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/01/19 04:18:52 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/10 04:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:www.google.com
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\SearchScopes,DefaultScope = {1DCE899B-9016-4B5F-9BBA-8CBC709597A4}
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\SearchScopes\{1DCE899B-9016-4B5F-9BBA-8CBC709597A4}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPID_en
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()


[2010/05/16 17:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Ho\Application Data\Mozilla\Firefox\Profiles\khe8z0gu.default\extensions
[2010/05/16 17:28:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jennifer Ho\Application Data\Mozilla\Firefox\Profiles\khe8z0gu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/26 09:33:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jennifer Ho\Application Data\Mozilla\Firefox\Profiles\khe8z0gu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/03/29 19:22:48 | 000,000,000 | ---D | M] (qtl) -- C:\Documents and Settings\Jennifer Ho\Application Data\Mozilla\Firefox\Profiles\khe8z0gu.default\extensions\qtl.co.il@gmail.com
[2010/07/11 18:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/15 23:16:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/08/03 20:23:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/11/27 18:22:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/08/24 09:24:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\GOOGLE-CJK@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.518.0\FIREFOX\EXTENSIONS
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/06/11 15:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U38 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.380.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Turn Off the Lights = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.33_0\
CHR - Extension: YouTube = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: OneClick Cleaner App = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oadiaahhieelhhffeofkdchgfpjehjok\0.9.1.1_0\
CHR - Extension: Evernote Web Clipper = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.12_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Jennifer Ho\Start Menu\Programs\StartUp\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7ABE4F-B001-462A-85D6-08922E85638D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/01/27 14:38:00 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{7746862b-bf65-11de-a752-0014a5ad9612}\Shell - "" = AutoRun
O33 - MountPoints2\{7746862b-bf65-11de-a752-0014a5ad9612}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7746862b-bf65-11de-a752-0014a5ad9612}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{ff8ad21f-89f8-11e2-aa0f-0014a5ad9612}\Shell - "" = AutoRun
O33 - MountPoints2\{ff8ad21f-89f8-11e2-aa0f-0014a5ad9612}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff8ad21f-89f8-11e2-aa0f-0014a5ad9612}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/03 12:05:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Ho\Desktop\OTL.exe
[2013/04/02 17:14:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/04/02 17:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/04/02 17:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/04/02 17:13:20 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2013/04/02 17:13:20 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2013/04/02 17:13:18 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2013/04/02 17:13:18 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2013/04/02 17:13:17 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2013/04/02 17:13:17 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2013/04/02 17:13:16 | 000,000,000 | ---D | C] -- C:\d34593949f506c4015eb82d0
[2013/04/01 18:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/03/20 16:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Sun
[2013/03/18 13:52:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/03/18 11:42:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2013/03/18 11:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2013/03/18 10:47:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jennifer Ho\My Documents\My Videos
[2013/03/18 10:47:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jennifer Ho\Start Menu\Programs\Administrative Tools
[2013/03/16 19:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Evernote
[2013/03/16 19:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
[2013/03/16 19:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
[2013/03/16 17:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Ho\Application Data\WinPatrol
[2013/03/16 16:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2013/03/16 16:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2013/03/16 16:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/03/15 17:30:34 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/15 17:30:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/15 17:30:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/15 17:30:26 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/04 14:31:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/03/04 14:31:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/03/04 14:31:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/03/04 13:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Ho\Desktop\Amy Personal Development
[2013/03/04 13:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Ho\My Documents\Downloads
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Jennifer Ho\Desktop\*.tmp files -> C:\Documents and Settings\Jennifer Ho\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/03 12:05:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Ho\Desktop\OTL.exe
[2013/04/03 12:04:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/03 10:57:04 | 000,164,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/03 10:57:04 | 000,115,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/03 09:54:15 | 000,001,593 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
[2013/04/03 09:51:06 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/03 09:51:04 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/03 08:38:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/02 17:35:03 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/02 17:24:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/02 17:24:51 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/02 17:24:51 | 000,382,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/02 11:45:19 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Desktop\codecheck.exe
[2013/04/02 11:37:48 | 000,681,984 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Desktop\CKScanner (1).exe
[2013/04/02 11:34:38 | 000,021,792 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Desktop\Accenture Entry Level Management Consulting Development Program Business Analyst.pdf
[2013/04/02 11:33:18 | 000,065,900 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Desktop\RES-Clarence Booth-2013.pdf
[2013/04/02 11:26:52 | 000,201,092 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\My Documents\Clarence Booth_Accenture CV (1).pdf
[2013/04/02 11:14:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SmartSoft PDF Printer Port
[2013/04/02 05:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/04/01 15:11:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/18 11:53:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/16 19:49:27 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Start Menu\Programs\StartUp\EvernoteClipper.lnk
[2013/03/16 19:36:17 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Desktop\Evernote.lnk
[2013/03/15 17:30:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/15 17:29:56 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/15 17:29:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/15 17:29:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/15 17:29:55 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/15 17:29:53 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/03/15 17:29:53 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/03/15 17:21:44 | 000,000,313 | ---- | M] () -- C:\hpqp.ini
[2013/03/15 17:21:29 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2013/03/13 10:06:15 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/13 10:06:13 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/07 21:03:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Jennifer Ho\Desktop\*.tmp files -> C:\Documents and Settings\Jennifer Ho\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/02 11:45:27 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Desktop\codecheck.exe
[2013/04/02 11:38:17 | 000,681,984 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Desktop\CKScanner (1).exe
[2013/04/02 11:34:38 | 000,021,792 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Desktop\Accenture Entry Level Management Consulting Development Program Business Analyst.pdf
[2013/04/02 11:33:18 | 000,065,900 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Desktop\RES-Clarence Booth-2013.pdf
[2013/04/02 11:26:47 | 000,201,092 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\My Documents\Clarence Booth_Accenture CV (1).pdf
[2013/04/01 20:13:16 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2013/04/01 20:03:51 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2013/03/16 19:49:27 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Start Menu\Programs\StartUp\EvernoteClipper.lnk
[2013/03/16 19:36:16 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Desktop\Evernote.lnk
[2013/03/07 21:12:43 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/03/04 12:47:43 | 000,001,593 | ---- | C] () -- C:\WINDOWS\VPNUnInstall.MIF
[2013/01/21 15:32:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2008/03/28 17:31:46 | 000,002,103 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/03/25 19:03:15 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/17 05:26:03 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/03/27 11:05:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/21 19:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/03/16 16:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/07/10 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/08 01:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2013/03/16 20:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\WinPatrol
[2010/04/28 20:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Costco Photo Organizer
[2010/04/28 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Costco Photo Viewer US
[2013/01/21 19:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Netscape
[2010/04/28 20:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Printer Info Cache
[2010/04/09 15:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Smart PDF Creator
[2009/10/21 18:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Smith Micro
[2013/03/16 17:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\WinPatrol

========== Purity Check ==========



< End of report >
cbooth
Regular Member
 
Posts: 28
Joined: October 30th, 2012, 4:23 pm

Re: Slow processing CPU

Post by cbooth » April 3rd, 2013, 1:33 pm

Hi pgmigg -

I uninstalled all but Windows IE 7 and Java Auto Updater as neither was in my list of installed programs.

Here are my answers to the following questions:
Do you have any problems executing the instructions? No
Contents of a OTL.txt log file after OTL Scan run
Contents of a Extras.txt log file after OTL Scan run
Do you see any changes in computer behavior? Hard to say. I usually don't have a problem until I'm about 10 mins into working with a few web pages and programs open at once.

Re: Slow processing CPU

Post by pgmigg » April 3rd, 2013, 5:35 pm

Hello cbooth,
"I uninstalled all but Windows IE 7 and Java Auto Updater as neither was in my list of installed programs."
Good! Don't worry about the mentioned stuff - it is OK...
"Contents of a Extras.txt log file after OTL Scan run"
It looks like you forgot to post it somehow...
Please find the Extras.txt on your Desktop and post the contents in the next reply.
"Do you see any changes in computer behavior? Hard to say. I usually don't have a problem until I'm about 10 mins into working with a few web pages and programs open at once."
Actually your computer is definitely old - good one but old unfortunately. It has the minimum amount of operating memory required by Windows XP for running - 512MB, small hard drives - there are two partitions of 30 and 8 GB, etc. At the same time your computer has a practically full set of required Windows XP updates after Service Pack 3. Over the years the average consumption of required resources by everyday running applications has increased and I am not going to wait for any visual improvement of performance here. By the way, we will clean this machine as much as possible and probably you will see some difference in speed. :D Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    [2008/11/27 18:22:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    [2009/08/24 09:24:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\GOOGLE-CJK@PARTNERS.MOZILLA.COM
    File not found (No name found) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.518.0\FIREFOX\EXTENSIONS
    File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    CHR - plugin: Java(TM) Platform SE 6 U38 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.380.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
    O3 - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    
    :Files
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\*.tmp
    C:\Documents and Settings\Jennifer Ho\Desktop\*.tmp
    
    :Commands
    [emptyflash]
    [emptyjava]
    [reboot]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK. It may take a while - please be patient...
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 2.
CCleaner
Please download CCleaner ... © Piriform Ltd. (slim version) and save it to your desktop. CCleaner documentation can be found here...if needed.

To Install CCleaner:
  1. Double click the ccsetup400_slim.exe icon on your desktop.
  2. Press the "Run"...(Security prompt). Select a language...Press "OK" ...button.
  3. Click "Next"...(Welcome screen). Click "I Agree"...(License Agreement).
  4. Click "Next" for default install location.
    The default is set to C:\Program Files\CCleaner. Unless you want it installed elsewhere, just leave it.
  5. Check the "Install Options", you want.
  6. Click "Install". Click "Finish" when prompted.

To Run CCleaner:
  1. Click CCleaner desktop icon or Start Menu item...(depending on install options)
  2. Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
  3. A pop up box will appear advising this process will permanently delete files from your system.
  4. Select the items to clean up.
      In the Windows Tab:
    • Clean all entries in the "Internet Explorer".
      Note: "Cookies"...box. If checked will require re-entry of user names, passwords on "next" visit to sites that require users log in.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section...except "Start Menu Shortcuts" and "Desktop Shortcuts" uncheck these 2 items.
    • *Uncheck* the "Advanced" section.

      In the Applications Tab:
    • Clean all in the "Firefox/Mozilla" section. (if you use it)
      Firefox Caution: "Saved Form Information"...box. If checked will remove all your saved passwords, if you use that feature.
    • Clean all in the "Google Chrome" section.
      Google Chrome: "Saved Form Information"...box. If checked will remove all your saved passwords, if you use that feature.
    • Clean all in the "Applications" section.
    • Clean all in the "Internet" Section.
    • Clean all in the "Multimedia" section.
    • Clean all in the "Utilities" section.
    • Clean all in the "Windows" section.
  5. Then click the "Analyze" button and it will scan your system. It will be finished with the list of stuff to clean.
  6. Then click the "Run Cleaner" button and it will clean your system.
  7. Close CCleaner when finished.
FYI...You may see some files "marked" for deletion when Windows restarts...this is because they are "in use" by the system and can't be removed until restart.
CAUTION: Please do NOT use the "Registry" button in the left pane.
This is a built-in registry cleaner. Removing certain entries can render your computer inoperable!

Step 3.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of forgotten Extras.txt
  3. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  4. Contents of TDSSKiller report file.
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Slow processing CPU

Post by cbooth » April 3rd, 2013, 5:49 pm

Here's the Extras Log. Sorry about that. The last message gave instruction to post only the OTL log and later to post Extra: I went with the first.

Here it is, remainder forthcoming:

OTL Extras logfile created on: 4/3/2013 12:09:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jennifer Ho\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.05 Mb Total Physical Memory | 199.90 Mb Available Physical Memory | 39.82% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 71.39% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.23 Gb Total Space | 9.26 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 1.12 Gb Free Space | 14.01% Space Free | Partition Type: FAT32

Computer Name: JENNIFERHO | User Name: Jennifer Ho | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1"

[HKEY_USERS\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1"
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Tudou\iTudou\iTudou.exe" = C:\Program Files\Tudou\iTudou\iTudou.exe:*:Enabled:iTudou
"C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe" = C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe:*:Enabled:??Tudou
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Hp\HP Software Update\HPWUCli.exe" = C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1213EA57-5EE7-4DD7-9801-F4EF39DD3AE5}" = WinWay Resume - Express Edition
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 E2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}" = Evernote v. 4.6.3
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{65AB08A4-56A4-4362-A9E7-F0A8D8901F80}" = WModem Driver Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E74E3D81-773B-4DCF-B706-50236F80BD81}" = HP User Guides 0019
"{EECDDEA0-DB76-4488-8E52-0EF1DF63700A}" = Microsoft IntelliPoint 5.4
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Money2006b" = Microsoft Money 2006
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"Smart PDF Creator_is1" = Smart PDF Creator 5.0.1.343
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2013 5:39:01 PM | Computer Name = JENNIFERHO | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/2/2013 6:20:51 PM | Computer Name = JENNIFERHO | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/2/2013 6:20:51 PM | Computer Name = JENNIFERHO | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
(ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 4/2/2013 6:20:55 PM | Computer Name = JENNIFERHO | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/2/2013 6:20:55 PM | Computer Name = JENNIFERHO | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 4/2/2013 6:20:55 PM | Computer Name = JENNIFERHO | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/2/2013 6:20:55 PM | Computer Name = JENNIFERHO | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The Error code is the first DWORD in Data section.

Error - 4/3/2013 10:27:07 AM | Computer Name = JENNIFERHO | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9302.0, P5 fixed, P6 1 _ 512, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 4/3/2013 11:56:58 AM | Computer Name = JENNIFERHO | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/3/2013 11:56:58 AM | Computer Name = JENNIFERHO | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

[ System Events ]
Error - 4/3/2013 12:53:10 PM | Computer Name = JENNIFERHO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/3/2013 12:53:10 PM | Computer Name = JENNIFERHO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/3/2013 12:53:10 PM | Computer Name = JENNIFERHO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/3/2013 12:53:11 PM | Computer Name = JENNIFERHO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/3/2013 12:53:11 PM | Computer Name = JENNIFERHO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/3/2013 12:53:11 PM | Computer Name = JENNIFERHO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/3/2013 12:53:11 PM | Computer Name = JENNIFERHO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/3/2013 12:53:11 PM | Computer Name = JENNIFERHO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/3/2013 12:53:11 PM | Computer Name = JENNIFERHO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/3/2013 12:53:11 PM | Computer Name = JENNIFERHO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
cbooth
Regular Member
 
Posts: 28
Joined: October 30th, 2012, 4:23 pm

Re: Slow processing CPU

Unread postby pgmigg » April 3rd, 2013, 6:04 pm

Thank you, cbooth! :D

Now I am waiting for all the other stuff after the last set of steps...

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Slow processing CPU

Unread postby cbooth » April 3rd, 2013, 6:37 pm

OTL logfile created on: 4/3/2013 12:09:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jennifer Ho\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.05 Mb Total Physical Memory | 199.90 Mb Available Physical Memory | 39.82% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 71.39% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.23 Gb Total Space | 9.26 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive D: | 8.01 Gb Total Space | 1.12 Gb Free Space | 14.01% Space Free | Partition Type: FAT32

Computer Name: JENNIFERHO | User Name: Jennifer Ho | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/03 12:05:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Ho\Desktop\OTL.exe
PRC - [2013/03/21 17:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/15 17:29:59 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/05 14:41:44 | 000,418,024 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/03/02 10:33:04 | 001,086,816 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/23 23:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/21 17:50:32 | 012,662,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
MOD - [2013/03/21 17:49:38 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/12/23 23:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/15 17:29:59 | 000,170,912 | ---- | M] (Oracle Corporation) [Disabled | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/13 10:06:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2009/06/15 17:21:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/06/03 12:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 12:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/06/03 12:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 12:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/01/31 15:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/04/18 06:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/02 06:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/01/19 04:18:52 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/10 04:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:www.google.com
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\SearchScopes,DefaultScope = {1DCE899B-9016-4B5F-9BBA-8CBC709597A4}
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\SearchScopes\{1DCE899B-9016-4B5F-9BBA-8CBC709597A4}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPID_en
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()


[2010/05/16 17:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Ho\Application Data\Mozilla\Firefox\Profiles\khe8z0gu.default\extensions
[2010/05/16 17:28:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jennifer Ho\Application Data\Mozilla\Firefox\Profiles\khe8z0gu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/26 09:33:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jennifer Ho\Application Data\Mozilla\Firefox\Profiles\khe8z0gu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/03/29 19:22:48 | 000,000,000 | ---D | M] (qtl) -- C:\Documents and Settings\Jennifer Ho\Application Data\Mozilla\Firefox\Profiles\khe8z0gu.default\extensions\qtl.co.il@gmail.com
[2010/07/11 18:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/15 23:16:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/08/03 20:23:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/11/27 18:22:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/08/24 09:24:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\GOOGLE-CJK@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.518.0\FIREFOX\EXTENSIONS
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/06/11 15:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U38 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.380.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Turn Off the Lights = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.33_0\
CHR - Extension: YouTube = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: OneClick Cleaner App = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oadiaahhieelhhffeofkdchgfpjehjok\0.9.1.1_0\
CHR - Extension: Evernote Web Clipper = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.12_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Jennifer Ho\Start Menu\Programs\StartUp\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3252391570-3096581921-3337789299-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7ABE4F-B001-462A-85D6-08922E85638D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/01/27 14:38:00 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{7746862b-bf65-11de-a752-0014a5ad9612}\Shell - "" = AutoRun
O33 - MountPoints2\{7746862b-bf65-11de-a752-0014a5ad9612}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7746862b-bf65-11de-a752-0014a5ad9612}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{ff8ad21f-89f8-11e2-aa0f-0014a5ad9612}\Shell - "" = AutoRun
O33 - MountPoints2\{ff8ad21f-89f8-11e2-aa0f-0014a5ad9612}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff8ad21f-89f8-11e2-aa0f-0014a5ad9612}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/03 12:05:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Ho\Desktop\OTL.exe
[2013/04/02 17:14:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/04/02 17:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/04/02 17:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/04/02 17:13:20 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2013/04/02 17:13:20 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2013/04/02 17:13:18 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2013/04/02 17:13:18 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2013/04/02 17:13:17 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2013/04/02 17:13:17 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2013/04/02 17:13:16 | 000,000,000 | ---D | C] -- C:\d34593949f506c4015eb82d0
[2013/04/01 18:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/03/20 16:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Sun
[2013/03/18 13:52:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/03/18 11:42:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2013/03/18 11:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2013/03/18 10:47:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jennifer Ho\My Documents\My Videos
[2013/03/18 10:47:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jennifer Ho\Start Menu\Programs\Administrative Tools
[2013/03/16 19:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\Evernote
[2013/03/16 19:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
[2013/03/16 19:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
[2013/03/16 17:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Ho\Application Data\WinPatrol
[2013/03/16 16:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2013/03/16 16:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2013/03/16 16:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/03/15 17:30:34 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/15 17:30:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/15 17:30:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/15 17:30:26 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/04 14:31:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/03/04 14:31:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/03/04 14:31:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/03/04 13:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Ho\Desktop\Amy Personal Development
[2013/03/04 13:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Ho\My Documents\Downloads
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Jennifer Ho\Desktop\*.tmp files -> C:\Documents and Settings\Jennifer Ho\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/03 12:05:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Ho\Desktop\OTL.exe
[2013/04/03 12:04:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/03 10:57:04 | 000,164,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/03 10:57:04 | 000,115,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/03 09:54:15 | 000,001,593 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
[2013/04/03 09:51:06 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/03 09:51:04 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/03 08:38:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/02 17:35:03 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/02 17:24:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/02 17:24:51 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/02 17:24:51 | 000,382,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/02 11:45:19 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Desktop\codecheck.exe
[2013/04/02 11:37:48 | 000,681,984 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Desktop\CKScanner (1).exe
[2013/04/02 11:34:38 | 000,021,792 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Desktop\Accenture Entry Level Management Consulting Development Program Business Analyst.pdf
[2013/04/02 11:33:18 | 000,065,900 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Desktop\RES-Clarence Booth-2013.pdf
[2013/04/02 11:26:52 | 000,201,092 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\My Documents\Clarence Booth_Accenture CV (1).pdf
[2013/04/02 11:14:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SmartSoft PDF Printer Port
[2013/04/02 05:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/04/01 15:11:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/18 11:53:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/16 19:49:27 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Start Menu\Programs\StartUp\EvernoteClipper.lnk
[2013/03/16 19:36:17 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\Jennifer Ho\Desktop\Evernote.lnk
[2013/03/15 17:30:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/15 17:29:56 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/15 17:29:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/15 17:29:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/15 17:29:55 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/15 17:29:53 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/03/15 17:29:53 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/03/15 17:21:44 | 000,000,313 | ---- | M] () -- C:\hpqp.ini
[2013/03/15 17:21:29 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2013/03/13 10:06:15 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/13 10:06:13 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/07 21:03:11 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Jennifer Ho\Desktop\*.tmp files -> C:\Documents and Settings\Jennifer Ho\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/02 11:45:27 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Desktop\codecheck.exe
[2013/04/02 11:38:17 | 000,681,984 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Desktop\CKScanner (1).exe
[2013/04/02 11:34:38 | 000,021,792 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Desktop\Accenture Entry Level Management Consulting Development Program Business Analyst.pdf
[2013/04/02 11:33:18 | 000,065,900 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Desktop\RES-Clarence Booth-2013.pdf
[2013/04/02 11:26:47 | 000,201,092 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\My Documents\Clarence Booth_Accenture CV (1).pdf
[2013/04/01 20:13:16 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2013/04/01 20:03:51 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2013/03/16 19:49:27 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Start Menu\Programs\StartUp\EvernoteClipper.lnk
[2013/03/16 19:36:16 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Desktop\Evernote.lnk
[2013/03/07 21:12:43 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/03/04 12:47:43 | 000,001,593 | ---- | C] () -- C:\WINDOWS\VPNUnInstall.MIF
[2013/01/21 15:32:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2008/03/28 17:31:46 | 000,002,103 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/03/25 19:03:15 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/17 05:26:03 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Jennifer Ho\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/03/27 11:05:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/21 19:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/03/16 16:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/07/10 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/08 01:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2013/03/16 20:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\WinPatrol
[2010/04/28 20:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Costco Photo Organizer
[2010/04/28 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Costco Photo Viewer US
[2013/01/21 19:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Netscape
[2010/04/28 20:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Printer Info Cache
[2010/04/09 15:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Smart PDF Creator
[2009/10/21 18:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\Smith Micro
[2013/03/16 17:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Ho\Application Data\WinPatrol

========== Purity Check ==========



< End of report >
cbooth

Re: Slow processing CPU

Post by cbooth » April 3rd, 2013, 6:41 pm

17:38:43.0140 3028 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:38:43.0671 3028 ============================================================
17:38:43.0671 3028 Current date / time: 2013/04/03 17:38:43.0671
17:38:43.0671 3028 SystemInfo:
17:38:43.0671 3028
17:38:43.0671 3028 OS Version: 5.1.2600 ServicePack: 3.0
17:38:43.0671 3028 Product type: Workstation
17:38:43.0671 3028 ComputerName: JENNIFERHO
17:38:43.0671 3028 UserName: Jennifer Ho
17:38:43.0671 3028 Windows directory: C:\WINDOWS
17:38:43.0671 3028 System windows directory: C:\WINDOWS
17:38:43.0671 3028 Processor architecture: Intel x86
17:38:43.0671 3028 Number of processors: 1
17:38:43.0671 3028 Page size: 0x1000
17:38:43.0671 3028 Boot type: Normal boot
17:38:43.0671 3028 ============================================================
17:38:45.0125 3028 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:38:45.0125 3028 ============================================================
17:38:45.0140 3028 \Device\Harddisk0\DR0:
17:38:45.0140 3028 MBR partitions:
17:38:45.0140 3028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A76CA9
17:38:45.0140 3028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x3A7ABA9, BlocksNum 0x100E618
17:38:45.0140 3028 ============================================================
17:38:45.0140 3028 C: <-> \Device\Harddisk0\DR0\Partition1
17:38:45.0171 3028 D: <-> \Device\Harddisk0\DR0\Partition2
17:38:45.0171 3028 ============================================================
17:38:45.0171 3028 Initialize success
17:38:45.0171 3028 ============================================================
17:38:47.0312 3796 ============================================================
17:38:47.0312 3796 Scan started
17:38:47.0312 3796 Mode: Manual;
17:38:47.0312 3796 ============================================================
17:38:47.0375 3796 ================ Scan system memory ========================
17:38:47.0375 3796 System memory - ok
17:38:47.0375 3796 ================ Scan services =============================
17:38:47.0546 3796 Abiosdsk - ok
17:38:47.0578 3796 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:38:47.0578 3796 abp480n5 - ok
17:38:47.0625 3796 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:38:47.0625 3796 ACPI - ok
17:38:47.0671 3796 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:38:47.0671 3796 ACPIEC - ok
17:38:47.0734 3796 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:38:47.0750 3796 AdobeFlashPlayerUpdateSvc - ok
17:38:47.0781 3796 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:38:47.0781 3796 adpu160m - ok
17:38:47.0828 3796 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:38:47.0828 3796 aec - ok
17:38:47.0875 3796 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:38:47.0875 3796 AFD - ok
17:38:47.0937 3796 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
17:38:47.0937 3796 agp440 - ok
17:38:47.0953 3796 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:38:47.0968 3796 agpCPQ - ok
17:38:47.0968 3796 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:38:47.0984 3796 Aha154x - ok
17:38:48.0015 3796 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:38:48.0015 3796 aic78u2 - ok
17:38:48.0031 3796 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:38:48.0031 3796 aic78xx - ok
17:38:48.0093 3796 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:38:48.0109 3796 Alerter - ok
17:38:48.0125 3796 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:38:48.0125 3796 ALG - ok
17:38:48.0140 3796 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
17:38:48.0140 3796 AliIde - ok
17:38:48.0156 3796 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:38:48.0156 3796 alim1541 - ok
17:38:48.0203 3796 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:38:48.0203 3796 amdagp - ok
17:38:48.0234 3796 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
17:38:48.0234 3796 amsint - ok
17:38:48.0250 3796 AppMgmt - ok
17:38:48.0281 3796 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:38:48.0281 3796 Arp1394 - ok
17:38:48.0296 3796 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
17:38:48.0296 3796 asc - ok
17:38:48.0328 3796 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:38:48.0328 3796 asc3350p - ok
17:38:48.0343 3796 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:38:48.0343 3796 asc3550 - ok
17:38:48.0453 3796 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:38:48.0453 3796 aspnet_state - ok
17:38:48.0484 3796 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:38:48.0484 3796 AsyncMac - ok
17:38:48.0546 3796 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:38:48.0546 3796 atapi - ok
17:38:48.0562 3796 Atdisk - ok
17:38:48.0593 3796 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:38:48.0593 3796 Atmarpc - ok
17:38:48.0625 3796 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:38:48.0625 3796 AudioSrv - ok
17:38:48.0671 3796 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:38:48.0671 3796 audstub - ok
17:38:48.0750 3796 [ 69F940672BE0ECEE5BD1E905706BA8CE ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
17:38:48.0750 3796 BCM43XX - ok
17:38:48.0765 3796 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:38:48.0765 3796 Beep - ok
17:38:48.0843 3796 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:38:48.0843 3796 BITS - ok
17:38:48.0890 3796 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
17:38:48.0906 3796 Browser - ok
17:38:48.0937 3796 [ 7024E11DAB9410B31A37547575249DD7 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
17:38:48.0937 3796 BTWUSB - ok
17:38:48.0953 3796 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:38:48.0953 3796 cbidf - ok
17:38:48.0968 3796 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:38:48.0968 3796 cbidf2k - ok
17:38:48.0984 3796 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:38:48.0984 3796 cd20xrnt - ok
17:38:49.0000 3796 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:38:49.0000 3796 Cdaudio - ok
17:38:49.0078 3796 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:38:49.0078 3796 Cdfs - ok
17:38:49.0093 3796 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:38:49.0109 3796 Cdrom - ok
17:38:49.0109 3796 Changer - ok
17:38:49.0171 3796 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:38:49.0171 3796 CiSvc - ok
17:38:49.0218 3796 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:38:49.0234 3796 ClipSrv - ok
17:38:49.0265 3796 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:38:49.0265 3796 clr_optimization_v2.0.50727_32 - ok
17:38:49.0296 3796 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:38:49.0296 3796 CmBatt - ok
17:38:49.0328 3796 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:38:49.0328 3796 CmdIde - ok
17:38:49.0359 3796 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:38:49.0359 3796 Compbatt - ok
17:38:49.0375 3796 COMSysApp - ok
17:38:49.0406 3796 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:38:49.0406 3796 Cpqarray - ok
17:38:49.0421 3796 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:38:49.0421 3796 CryptSvc - ok
17:38:49.0468 3796 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
17:38:49.0468 3796 CVirtA - ok
17:38:49.0515 3796 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:38:49.0515 3796 dac2w2k - ok
17:38:49.0546 3796 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:38:49.0546 3796 dac960nt - ok
17:38:49.0625 3796 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:38:49.0625 3796 DcomLaunch - ok
17:38:49.0687 3796 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:38:49.0687 3796 Dhcp - ok
17:38:49.0703 3796 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:38:49.0703 3796 Disk - ok
17:38:49.0718 3796 dmadmin - ok
17:38:49.0828 3796 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:38:49.0843 3796 dmboot - ok
17:38:49.0921 3796 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:38:49.0921 3796 dmio - ok
17:38:49.0953 3796 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:38:49.0953 3796 dmload - ok
17:38:50.0015 3796 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:38:50.0031 3796 dmserver - ok
17:38:50.0046 3796 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:38:50.0046 3796 DMusic - ok
17:38:50.0093 3796 [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
17:38:50.0093 3796 DNE - ok
17:38:50.0125 3796 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:38:50.0125 3796 Dnscache - ok
17:38:50.0187 3796 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:38:50.0203 3796 Dot3svc - ok
17:38:50.0218 3796 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:38:50.0218 3796 dpti2o - ok
17:38:50.0250 3796 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:38:50.0250 3796 drmkaud - ok
17:38:50.0296 3796 [ 6CA101F9AA3D845BA31F6E13C01301A8 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:38:50.0296 3796 E100B - ok
17:38:50.0343 3796 [ B5CB3084046146FD2587D8C9B219FEB4 ] eabfiltr C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
17:38:50.0343 3796 eabfiltr - ok
17:38:50.0375 3796 [ 231F4547AE1E4B3E60ECA66C3A96D218 ] eabusb C:\WINDOWS\system32\DRIVERS\eabusb.sys
17:38:50.0375 3796 eabusb - ok
17:38:50.0406 3796 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:38:50.0406 3796 EapHost - ok
17:38:50.0468 3796 [ F9472131367D39435D750F5FA3D23582 ] Eplpdx02 C:\WINDOWS\system32\Drivers\EPLPDX02.SYS
17:38:50.0468 3796 Eplpdx02 - ok
17:38:50.0531 3796 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:38:50.0531 3796 ERSvc - ok
17:38:50.0578 3796 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:38:50.0578 3796 Eventlog - ok
17:38:50.0640 3796 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
17:38:50.0656 3796 EventSystem - ok
17:38:50.0718 3796 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:38:50.0718 3796 Fastfat - ok
17:38:50.0796 3796 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:38:50.0812 3796 FastUserSwitchingCompatibility - ok
17:38:50.0875 3796 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
17:38:50.0875 3796 Fdc - ok
17:38:50.0906 3796 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:38:50.0906 3796 Fips - ok
17:38:50.0921 3796 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:38:50.0921 3796 Flpydisk - ok
17:38:50.0953 3796 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:38:50.0953 3796 FltMgr - ok
17:38:51.0031 3796 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:38:51.0046 3796 FontCache3.0.0.0 - ok
17:38:51.0078 3796 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:38:51.0078 3796 Fs_Rec - ok
17:38:51.0093 3796 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:38:51.0093 3796 Ftdisk - ok
17:38:51.0156 3796 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:38:51.0156 3796 GEARAspiWDM - ok
17:38:51.0171 3796 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:38:51.0171 3796 Gpc - ok
17:38:51.0265 3796 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:38:51.0265 3796 gupdate - ok
17:38:51.0281 3796 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:38:51.0281 3796 gupdatem - ok
17:38:51.0296 3796 gusvc - ok
17:38:51.0312 3796 [ 4D4D97671C63C3AF869B3518E6054204 ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
17:38:51.0312 3796 HBtnKey - ok
17:38:51.0390 3796 [ BB42BB78BBBC1E83292EF26973598DAF ] HdAudAddService C:\WINDOWS\system32\drivers\CHDAud.sys
17:38:51.0406 3796 HdAudAddService - ok
17:38:51.0515 3796 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:38:51.0515 3796 HDAudBus - ok
17:38:51.0625 3796 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:38:51.0625 3796 helpsvc - ok
17:38:51.0687 3796 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:38:51.0687 3796 HidServ - ok
17:38:51.0703 3796 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:38:51.0703 3796 HidUsb - ok
17:38:51.0765 3796 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:38:51.0781 3796 hkmsvc - ok
17:38:51.0843 3796 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
17:38:51.0843 3796 hpn - ok
17:38:51.0906 3796 [ 2C565B24C56577E824436427DF01B4E2 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
17:38:51.0906 3796 hpqwmiex - ok
17:38:51.0953 3796 [ 89E256C5F5346BE265D9F86AC8625D4F ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:38:51.0953 3796 HSFHWAZL - ok
17:38:52.0015 3796 [ 0E44AF3828111D4C3E73C33AC95226D8 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:38:52.0015 3796 HSF_DPV - ok
17:38:52.0093 3796 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:38:52.0093 3796 HTTP - ok
17:38:52.0125 3796 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:38:52.0125 3796 HTTPFilter - ok
17:38:52.0140 3796 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
17:38:52.0140 3796 i2omgmt - ok
17:38:52.0203 3796 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:38:52.0203 3796 i2omp - ok
17:38:52.0234 3796 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:38:52.0234 3796 i8042prt - ok
17:38:52.0328 3796 [ 0F0194C4B635C10C3F785E4FEE52D641 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:38:52.0343 3796 ialm - ok
17:38:52.0406 3796 [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
17:38:52.0421 3796 iaStor - ok
17:38:52.0500 3796 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:38:52.0500 3796 IDriverT - ok
17:38:52.0609 3796 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:38:52.0625 3796 idsvc - ok
17:38:52.0640 3796 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:38:52.0640 3796 Imapi - ok
17:38:52.0687 3796 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:38:52.0687 3796 ImapiService - ok
17:38:52.0718 3796 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:38:52.0718 3796 ini910u - ok
17:38:52.0765 3796 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
17:38:52.0765 3796 IntelIde - ok
17:39:01.0109 3796 ============================================================
17:39:01.0109 3796 Scan finished
17:39:01.0109 3796 ============================================================
17:39:01.0140 3788 Detected object count: 0
17:39:01.0140 3788 Actual detected object count: 0
cbooth
Regular Member
 
Posts: 28
Joined: October 30th, 2012, 4:23 pm

Re: Slow processing CPU

Post by pgmigg » April 4th, 2013, 1:34 am

Hello cbooth,

Unfortunately, you posted the first OTL.txt log a second time instead of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log file created after the OTL FixScript run. Please find it and post it in your next reply.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Slow processing CPU

Post by cbooth » April 7th, 2013, 5:36 pm

Hi pgmigg,

Sorry about that as well as the delayed response, I didn't get the normal email notification. Here is the correct log (I hope).

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} folder moved successfully.
File C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\WINDOWS\system32\npdeployJava1.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3252391570-3096581921-3337789299-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3252391570-3096581921-3337789299-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET5B.tmp moved successfully.
C:\WINDOWS\System32\SET60.tmp moved successfully.
C:\WINDOWS\000001_.tmp moved successfully.
C:\WINDOWS\002779_.tmp moved successfully.
C:\Documents and Settings\Jennifer Ho\Desktop\~WRL0005.tmp moved successfully.
C:\Documents and Settings\Jennifer Ho\Desktop\~WRL1771.tmp moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 627 bytes

User: Jennifer Ho
->Flash cache emptied: 564 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: Guest

User: Jennifer Ho
->Java cache emptied: 76011769 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 72.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04032013_170111
cbooth
Regular Member
 
Posts: 28
Joined: October 30th, 2012, 4:23 pm

Re: Slow processing CPU

Post by pgmigg » April 8th, 2013, 12:55 am

Hello cbooth,
Sorry about that as well as the delayed response, I didn't get the normal email notification. Here is the correct log (I hope).
I did not receive a notification about your post either. :( So, let's continue...

Step 1.
Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Double-click on JRT.exe to run it - the tool will open and start scanning your system.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next, please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the JRT.txt log file
  3. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00