
Computer Running lots of unneeded processors (Slow PC)


Post by makem2203 » November 16th, 2009, 7:59 pm

Hello, I was previously following help from your website by a helper, although I had to leave for a few weeks due to family reasons... and well, the computer has gotten, I'd say, a little bit better... as I have not had any more BSODs. Although, I do have quite frequent PC crashes... Nothing works, not even the mouse... so I then need to restart it with the power button.

I also seem to have around 13 svchost.exe running in the Task Manager.. not sure if this is a problem or not, although they are using a hell of a lot of memory.

(I also have edited the msconfig to stop some programs from starting on boot, although this still doesn't seem to have achieved anything)

So, I'm basically having an issue with the main performance of my computer... as its specs are decent and it should be running a lot better than it is currently..

Specs (from dxdiag)
----
O/S: Windows Vista, Home Premium.
BIOS: Phoenix - AwardBIOS v6.00PG
Processor: Intel Core 2 Quad CPU Q6600 @ 2.40GHz
Memory: 3070MB RAM
Page File: 1004MB used, 5341MB available
----

So, as you can see.. my Quad Core is running like a single core with god knows how many viruses etc..

So please, please help me with any infections I may have, and if it turns out I don't actually have any malware (I wish) then could you perhaps help me on how I could optimize my computer to the original state it should be? If not, refer me to someone who can?


Thank you for taking the time to read this, much appreciated.



My Hijack This log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:02, on 16/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/56.31/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1956764499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1956856774
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 6219 bytes
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm

Re: Computer Running lots of unneeded processors (Slow PC)

Post by Wingman » November 20th, 2009, 11:30 am

Hello... Welcome to the forum.

My name is Wingman, and I'll be helping you with any malware problems.
The logs I request can take a while to research, so please be patient.

I am currently under the guidance of the MRU teachers; everything I post to you has been reviewed by them.
This additional review process can add some extra time to my responses... but not too much. ;)

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. DO NOT run any other fix or removal tools unless instructed to do so!
  3. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
HJT - Uninstall Manager Log
If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
    Please run HijackThis Located in: C:\Program Files\Trend Micro\hijackthis.exe
      If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  1. From the Main Menu...Press the "Open the Misc Tools"...button.
  2. Press the "Open Uninstall Manager..." button.
  3. Press only the "Save List..." button.
  4. Press the "Save" button. The file "uninstall_list.txt" will be saved in your HJT folder.
  5. Copy and paste the contents of "uninstall_list.txt" in your next reply.

Step 2.
Please include in your next reply:
  1. HJT uninstall_list.txt file contents
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Computer Running lots of unneeded processors (Slow PC)

Post by makem2203 » November 21st, 2009, 2:10 pm

Hello, wingman.
Before I start, let me thank you so much for helping me with my problem.

I also have an issue with my Windows Update... when I go to update it always fails and says "these updates were not installed successfully". I'm not sure if this is related to malware or anything like that, but I thought I'd tell you just in case.

Below is the Uninstall_list.txt that you requested in your last post.

2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Adobe Reader 9.1
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Apple Mobile Device Support
Apple Software Update
AquaMark3
Audacity 1.2.6
Battlefield 1942
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield 2142
BisonCam, NB Pro
Bonjour
Borderlands
British Telecom
Call of Duty 4: Modern Warfare
Call of Duty: World at War
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Counter-Strike
Counter-Strike: Source
Creator 9
Crysis(R)
D.I.P.R.I.P. Warm Up
Day of Defeat
dBpoweramp Music Converter
DCXtended .9
EA Download Manager
Firefox
Flash Player 9 Internet Explorer
Garry's Mod
GCFScape 1.7.3
GearDrvs
GIMP 2.6.7
GTA San Andreas
Half-Life
Half-Life 2
Half-Life 2: Episode Two
HDReg
HijackThis 2.0.2
HLSW v1.3.0
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Infocentre Rev. 2.0
Insurgency
Internet From BT
iTunes
Java DB 10.4.2.1
Java(TM) 6 Update 17
Java(TM) SE Development Kit 6 Update 16
JMB36X Raid Configurer
Kaspersky Internet Security 2010
Kaspersky Internet Security 2010
Kaspersky Online Scanner
Left 4 Dead
Left 4 Dead 2 Demo
LogMeIn Hamachi
LogMeIn Hamachi
Magic Sports
MagicSports 3.5
Men of War
Metaboli
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft® Office Trial 2007
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MTA:SA DM Developer Preview 2.3
Natural Selection 3.2
NS Training Public Beta 1.0
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Updator
PC Wizard 2008.1.81
Peggle Extreme
Picasa 2
Picasa2
PiraMod_30000.04
PremiumSoft Navicat MySQL 7.2
PunkBuster Services
QuickTime
Razer Habu Config
Razer Reclusa Config
Real Lives 2007
Realtek HD Audio V6.0.1.5334
Realtek High Definition Audio Driver
Roger Wilco
Roxio Creator 9 LE
Saitek SST Programming Software
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
SetUp My PC
Shockwave player 10
Silkroad
Skype 2.5.2.151
Skype™ Beta 4.0
SmartFTP Client 2.5.1006.16
SoundMAX
Source SDK
Source SDK Base
Steam
System Requirements Lab
Team Fortress Classic
TeamSpeak 2 RC2
TeamViewer 4
Theme Park World
TomTom HOME
TortoiseSVN 1.6.0.15855 (32 bit)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Valve Hammer Editor
Ventrilo Client
Video NVIDIA v162.22
VLC media player 1.0.0-rc3
Webshots Desktop
Windows Live ID Sign-in Assistant
Windows Live installer
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver
World of Warcraft
Xfire (remove only)
Zombie Panic! Source
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm

Re: Computer Running lots of unneeded processors (Slow PC)

Post by Wingman » November 22nd, 2009, 11:59 am

Hello makem2203,

Please do not make any changes to your system, run any "fix" programs and/or remove any files unless instructed to do so, by me.

Please read these instructions carefully before executing and then perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

PunkBuster warning
I noticed you have PunkBuster installed... read the "Published features" section.
PunkBuster can take control over various aspects of your computer and some gaming tools not unlike PunkBuster, also hinder their removals.
By the definition we use, PunkBuster is actual spyware. Therefore, I'm asking you to choose one of the following options:
  1. We "try" to leave PunkBuster alone... however, there is no guarantee a spyware component doesn't "inadvertently" get taken out... so PunkBuster might fail. This will also prevent you from playing games using PunkBuster enabled servers.
  2. We can just remove PunkBuster. You can reinstall it afterwards if you wish, but please keep in mind that it is spyware.
  3. We can not clean this computer at all. This ensures PunkBuster will continue to function.
If you choose to remove PunkBuster, please perform the uninstall steps below. Otherwise, let me know what other option you chose.

Regardless of the PunkBuster decision, please run the GMER and RSIT steps.

Step 1.
Uninstall PunkBuster
Please download PBSVC Setup Program. Save it to your desktop.
  1. Double click on pbsvc.exe to start it... then click Uninstall.
    Using Vista, you must right click pbsvc.exe and choose "Run As Administrator" then click "Uninstall".
    Once that's finished...
  2. Click Start > Search and copy and paste the following into the open text box:
    cmd /c for %i in (A B K) do sc delete PnkBstr%i
  3. Click OK. A black box will flash very briefly, this is normal.
  4. Double click My Computer on your desktop and browse to C:\windows\system32\drivers
  5. Locate the file: PnkBstrK.sys... if found delete it.
Let me know if you performed these steps successfully.

Step 2.
GMER
The downloaded file will have a random name... this prevents malware from detecting and blocking it.
Please download GMER... random file name.exe by GMER. An alternate (zip file) download site.
Note: Do not run any programs while Gmer is running.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  1. Double click on the random named.exe to execute. If asked, allow the gmer.sys driver to load.
    Using Vista, you must right click random named.exe and choose "Run As Administrator".
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO <--- Important!
  3. On the right side panel, several boxes have been checked. Please UNCHECK the following: (see image below)
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All <-- don't miss this one

    Image

  4. If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window.
  5. Click the Scan button.
  6. Once the scan has finished... click Copy.
  7. Open Notepad and paste (Ctrl+V) what you copied.
  8. Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.
  9. Copy and paste the contents of the file gmerroot.txt in your next reply.

Step 3.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 log files... will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. PunkBuster?
  3. GMER gmerroot.txt file contents.
  4. RSIT log.txt and info.txt file contents.
  5. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Computer Running lots of unneeded processors (Slow PC)

Post by makem2203 » November 22nd, 2009, 12:25 pm

Hello wingman,

After following your instructions, all was going well until I had to do Step 2, 5.. which was the following "Click the Scan button". I did so.. and the program started to scan, then around 5 seconds later it went to not responding (using Vista's OS, it decided the only option I had was to close it). So I closed it... and tried to restart the program, although, after I right clicked it and clicked on "run as administrator" the PC gave me a BSOD (blue screen of death)... So I could not finish that step. Would you like for me to miss step 2 out, and continue your instructions?

Makem.

P.S.

Apart from step 2, step 1 was fine.. no problems on PunkBuster.
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm

Re: Computer Running lots of unneeded processors (Slow PC)

Post by Wingman » November 22nd, 2009, 7:13 pm

Hello makem2203,

OK... I see you decided to uninstall PunkBuster. A good decision, in my opinion. :)
I'm sorry you had problems with the GMER application... this program sometimes, does not "play well" with various software setups. We'll run a different scan, instead.

Please do not make any changes to your system, run any "fix" programs and/or remove any files unless instructed to do so, by me.

Please read these instructions carefully before executing and then perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
SysProt AntiRootkit
Please download SysProt.zip ... by swatkat. Save it to your desktop.
Alternate download sites include: Softpedia, MajorGeeks, BetaNews and FreewareGeeks
If you have a 3rd party "unzipping" program...use it to open the zipped file...then skip to Step 5. Otherwise...
  1. Right click on SysProt.zip and select "Extract All"....
  2. Click Next on the "Welcome to the Compressed (zipped) Folders Extraction Wizard."
  3. Click on the Browse...button, then click on Desktop, then click OK.
  4. Once done, check (tick) the Show extracted files box and click Finish.
  5. Open the SysProt folder... Double click Sysprot.exe to start the program.
    Using VISTA, you must right-click "Sysprot.exe" and select "Run As Administrator", to start the program.
  6. Click on the Log tab.
  7. In the Write to log box... check ALL items... then check Hidden Objects Only at the bottom of the window.
  8. Click the Create Log button... (After a few seconds a new window should appear.)
  9. Select Scan root drive only... then click the Start button, to begin scanning.
    When completed, a window appears indicating the scan finished & a log file was successfully created.
    The SysProt folder on your desktop, will contain the scan results file named "SysProtLog.txt".
  10. Please copy and paste the contents of SysProtLog.txt into your next reply.

Step 2.
MSConfig Running
Your log shows that MSConfig is running at startup.
This indicates that you may be using "diagnostic startup" rather than "normal startup" to stop something from running.
It is possible that you have disabled something that will affect how we clean your machine. Please don't change anything in MSConfig yet, I want to see what has been disabled, without making any changes:
Shows MSConfig entries
  1. Open Notepad (Not Wordpad)
  2. Copy/paste the following code from the box below, into the blank Notepad document.
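    (Make sure "Word Wrap" (under Format) is UNCHECKED.)
    @echo off
    rem Export the MSConfig key (what has been disabled through MSConfig) to a text file
    regedit /a /e %systemdrive%\regkey.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"
    rem Show the export in Notepad; the script waits here until Notepad is closed
    notepad %systemdrive%\regkey.txt
    rem Clean up: delete the export, then this batch file itself
    del /q %systemdrive%\regkey.txt
    del %0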
    
  3. Go to the Command Menu at the top of the Notepad, select File and Save As...
  4. In the File name: enter "config.bat" (you MUST include the quotes), then press Save
  5. Double-click the file config.bat on your desktop.
    Using VISTA, you must right-click "config.bat", then select "Run As Administrator"
  6. Notepad will open with the "regkey.txt" file contents... Please copy/paste the content of regkey.txt in your reply.
    Make sure you have copied the regkey.txt file data... When you close Notepad, the config.bat and regkey.txt files will be deleted.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. SysProt scan SysProtLog.txt file contents.
  3. MSConfig regkey.txt file contents
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
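
The SysProtLog.txt requested in Step 1 above is a flat list of "Field: value" records under headings such as "Kernel Modules:", "SSDT:" and "IRP Hooks:". As an added example (not part of the thread and not SysProt's own code), this Python script summarizes such a log for review: which modules are flagged hidden, which driver owns each SSDT hook, and which driver each IRP hook jumps to, resolving a cut-off record through the module address ranges. The sample log and its names (exampledrv.sys, dump_example.sys, avfilter.sys, \Driver\ExampleBus) are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample in the SysProtLog.txt layout; names and addresses are made up.
# The last IRP record is cut off on purpose, as when a scan is interrupted.
SAMPLE_LOG = r"""
**********
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\exampledrv.sys
Service Name: ---
Module Base: 82A00000
Module End: 82B00000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_example.sys
Service Name: ---
Module Base: 92200000
Module End: 92210000
Hidden: Yes
**********
SSDT:
Function Name: ZwCreateFile
Address: 90D10F66
Driver Base: 90D00000
Driver End: 90D50000
Driver Name: \SystemRoot\system32\DRIVERS\avfilter.sys

Function Name: ZwOpenFile
Address: 90D10E34
Driver Base: 90D00000
Driver End: 90D50000
Driver Name: \SystemRoot\system32\DRIVERS\avfilter.sys
**********
No Kernel Hooks found
**********
IRP Hooks:
Hooked Module: \Driver\ExampleBus
Hooked IRP: IRP_MJ_READ
Jump To: 82A3CABC
Hooking Module: \SystemRoot\System32\Drivers\exampledrv.sys

Hooked Module: \Driver\ExampleBus
Hooked IRP: IRP_MJ_WRITE
Jump To: 82A3CABC
"""


def parse_sysprot(text):
    """Split the log into {section heading: [record dict, ...]}."""
    sections, section, record = defaultdict(list), None, {}
    for line in [l.strip() for l in text.splitlines()] + [""]:
        if ": " in line and section:            # "Field: value" inside a section
            key, value = line.split(": ", 1)
            record[key] = value
        elif not line or set(line) == {"*"} or line.endswith(":"):
            if section and record:              # blank line, ***** rule or heading ends a record
                sections[section].append(record)
            record = {}
            section = line[:-1] if line.endswith(":") else section
    return dict(sections)


def driver_file(path):
    return path.rsplit("\\", 1)[-1].lower()     # lower-cased file name of a driver path


def owner_of(address, modules):
    """Name of the listed kernel module whose [base, end) range holds address."""
    for m in modules:
        try:
            if int(m["Module Base"], 16) <= int(address, 16) < int(m["Module End"], 16):
                return driver_file(m["Module Name"])
        except (KeyError, ValueError):          # incomplete or garbled record
            continue
    return None


def triage(parsed):
    modules = parsed.get("Kernel Modules", [])
    hidden = sorted(driver_file(m["Module Name"]) for m in modules
                    if "Module Name" in m and m.get("Hidden", "").lower() == "yes")
    ssdt = Counter(driver_file(r.get("Driver Name", "unknown")) for r in parsed.get("SSDT", []))
    irp = defaultdict(set)
    for r in parsed.get("IRP Hooks", []):
        # Prefer the tool's attribution; fall back to the jump address for cut-off records.
        hooker = (driver_file(r["Hooking Module"]) if "Hooking Module" in r
                  else owner_of(r.get("Jump To", ""), modules) or "unknown")
        irp[hooker].add(r.get("Hooked IRP", "?"))
    return {
        "hidden_modules": hidden,
        "ssdt_hooks_by_driver": dict(ssdt),
        "irp_hooks_by_driver": {k: sorted(v) for k, v in irp.items()},
        # Hidden AND hooking IRPs: look these up first. A lead for research, not a verdict.
        "research_first": sorted(set(hidden) & set(irp)),
    }


if __name__ == "__main__":
    print(triage(parse_sysprot(SAMPLE_LOG)))
```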

Re: Computer Running lots of unneeded processors (Slow PC)

Post by makem2203 » November 24th, 2009, 5:05 pm

Hello Wingman, and thank you for posting.

I followed your instructions as you said. When I went to do the "Hidden file Scan" using the SysProt program, I was waiting for it to finish when all of a sudden, my computer froze. I waited around 3-5 minutes and then the computer started to respond again... when it did, it gave me some sort of memory load error saying that it could not allocate memory? Something along those lines... anyhow, I thought you may need the error so I hit the Print Screen button on my keyboard and then was going to save it.. then for some strange reason my PC restarted by itself... (not sure if this was due to the error or not) So, I was unable to give you the screenshot. Although, the SysProt program did indeed make a .txt in its folder containing some information that you requested. I am unsure as to whether or not it's all there, due to the random restart... but here it is anyway.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\spvn.sys
Service Name: ---
Module Base: 82A8E000
Module End: 82B81000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\abbdhlgb.SYS
Service Name: ---
Module Base: 90105000
Module End: 9013E000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: 92295000
Module End: 9229F000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_nvstor32.sys
Service Name: ---
Module Base: 9229F000
Module End: 922BC000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAlpcConnectPort
Address: 90D90E06
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwAlpcCreatePort
Address: 90D90F84
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwAlpcSendWaitReceivePort
Address: 90D91014
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwClose
Address: 90D8FDF8
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwConnectPort
Address: 90D904EA
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateEvent
Address: 90D90816
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateFile
Address: 90D8FF66
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateMutant
Address: 90D906EE
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateNamedPipeFile
Address: 90D8F9D2
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreatePort
Address: 90D905AA
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateSection
Address: 90D8FB8C
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateSemaphore
Address: 90D90948
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateWaitablePort
Address: 90D9064C
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwFsControlFile
Address: 90D900C4
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenEvent
Address: 90D908B8
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenFile
Address: 90D8FE34
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenMutant
Address: 90D90786
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenSection
Address: 90D9145C
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenSemaphore
Address: 90D909EA
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwQueryDirectoryObject
Address: 90D91214
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwReplyPort
Address: 90D90D74
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwReplyWaitReceivePort
Address: 90D90C3A
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwSecureConnectPort
Address: 90D901F0
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwSetInformationToken
Address: 90D912C8
Driver Base: 90D72000
Driver End: 90DBB000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_CREATE
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_READ
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_WRITE
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_SET_EA
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_POWER
Jump To: 82A96E30
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82AA5518
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\PCI_PNP7982
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 82ACCABC
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 85C0A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 85C0A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85C0A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 85C0A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 85C0A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85C0A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\jraid.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 85C0C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\jraid.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 85C0C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\jraid.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85C0C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\jraid.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 85C0C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\jraid.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 85C0C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\jraid.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85C0C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 896E71F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 896E71F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_READ
Jump To: 896E71F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_WRITE
Jump To: 896E71F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 896E71F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 896E71F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 896E71F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 896E71F8
Hooking Module: _unknown_

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 82A8F000
Hooking Module: \SystemRoot\System32\Drivers\spvn.sys

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 87D231F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 87D231F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 87D231F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 87D231F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 87D231F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 87D231F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 899E61F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 899E61F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 899E61F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 899E61F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 899E61F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\abbdhlgb.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 87D2C1F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\abbdhlgb.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 87D2C1F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\abbdhlgb.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 87D2C1F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\abbdhlgb.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 87D2C1F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\abbdhlgb.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 87D2C1F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\abbdhlgb.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 87D2C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 87D9C500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 87D9C500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 87D9C500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 87D9C500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 87D9C500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 87BFE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 87BFE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 87BFE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 87BFE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 87BFE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 87BFE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 87BFE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 87BFE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 87BFE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 87BFE1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 87D2E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 87D2E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 87D2E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 87D2E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 87D2E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 87D2E1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 85C081F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_READ
Jump To: 85C081F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 85C081F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 85C081F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85C081F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 85C081F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 85C081F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 85C081F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 85C081F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85C081F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor32.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 85C0B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor32.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 85C0B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor32.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85C0B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor32.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 85C0B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor32.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 85C0B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\nvstor32.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85C0B1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 87B1A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 87B1A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 87B1A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 87B1A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 87B1A1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 87B1A1F8
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: CALVINS-PC.BELKIN:49407
Remote Address: CDS100.IAD9.MSECN.NET:HTTP
Type: TCP
Process: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
State: ESTABLISHED

Local Address: CALVINS-PC.BELKIN:49393
Remote Address: 65.55.25.59:HTTPS
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CALVINS-PC.BELKIN:49163
Remote Address: NYC2950-8H05QG1:23120
Type: TCP
Process: C:\Program Files\Ventrilo\Ventrilo.exe
State: ESTABLISHED

Local Address: CALVINS-PC.BELKIN:49159
Remote Address: H-APP01-02.HAMACHI.CC:12975
Type: TCP
Process: C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
State: ESTABLISHED

Local Address: CALVINS-PC.BELKIN:ICSLAP
Remote Address: 192.168.2.1:3120
Type: TCP
Process: System
State: ESTABLISHED

Local Address: CALVINS-PC.BELKIN:ICSLAP
Remote Address: 192.168.2.1:3119
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CALVINS-PC.BELKIN:ICSLAP
Remote Address: 192.168.2.1:3117
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CALVINS-PC.BELKIN:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CALVINS-PC:49406
Remote Address: LOCALHOST:NFSD-STATUS
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: ESTABLISHED

Local Address: CALVINS-PC:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: CALVINS-PC:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: CALVINS-PC:NFSD-STATUS
Remote Address: LOCALHOST:49406
Type: TCP
Process: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
State: ESTABLISHED

Local Address: CALVINS-PC:NFSD-STATUS
Remote Address: LOCALHOST:49366
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CALVINS-PC:NFSD-STATUS
Remote Address: LOCALHOST:49268
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CALVINS-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CALVINS-PC:49158
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: CALVINS-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: CALVINS-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: CALVINS-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: CALVINS-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: CALVINS-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: CALVINS-PC:19780
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
State: LISTENING

Local Address: CALVINS-PC:10243
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CALVINS-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CALVINS-PC:MS-WBT-SERVER
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: CALVINS-PC:ICSLAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CALVINS-PC:NFSD-STATUS
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
State: LISTENING

Local Address: CALVINS-PC:RTSP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: LISTENING

Local Address: CALVINS-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CALVINS-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: CALVINS-PC.BELKIN:60274
Remote Address: NA
Type: UDP
Process: C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
State: NA

Local Address: CALVINS-PC.BELKIN:53179
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC.BELKIN:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CALVINS-PC.BELKIN:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC.BELKIN:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CALVINS-PC.BELKIN:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CALVINS-PC:58941
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC:53181
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC:53180
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CALVINS-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CALVINS-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CALVINS-PC:53193
Remote Address: NA
Type: UDP
Process: C:\Program Files\Ventrilo\Ventrilo.exe
State: NA

Local Address: CALVINS-PC:53192
Remote Address: NA
Type: UDP
Process: C:\Program Files\Ventrilo\Ventrilo.exe
State: NA

Local Address: CALVINS-PC:49154
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC:49152
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CALVINS-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC:5005
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: NA

Local Address: CALVINS-PC:5004
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: NA

Local Address: CALVINS-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: CALVINS-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************


Here is also the other information you requested (Regkey.txt) below. I'd also like to say, I did also stop some programs running using MSConfig in the past, in an effort to increase my computer's performance.


"MONTH"=dword:0000000a
"DAY"=dword:0000000b
"HOUR"=dword:0000000a
"MINUTE"=dword:00000019
"SECOND"=dword:00000014

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\PnkBstrB]
"PnkBstrB"=dword:00000002
"YEAR"=dword:000007d9
"MONTH"=dword:0000000a
"DAY"=dword:0000000b
"HOUR"=dword:0000000a
"MINUTE"=dword:00000019
"SECOND"=dword:00000014

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
"path"="C:\\Users\\calvin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Webshots.lnk"
"backup"="C:\\Windows\\pss\\Webshots.lnk.Startup"
"location"="C:\\Users\\calvin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\Webshots\\Launcher.exe /t"
"item"="Webshots"
"YEAR"=dword:000007d9
"MONTH"=dword:00000003
"DAY"=dword:00000017
"HOUR"=dword:00000012
"MINUTE"=dword:00000010
"SECOND"=dword:0000002a

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
"path"="C:\\Users\\calvin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Xfire.lnk"
"backup"="C:\\Windows\\pss\\Xfire.lnk.Startup"
"location"="C:\\Users\\calvin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\Xfire\\xfire.exe "
"item"="Xfire"
"YEAR"=dword:000007d9
"MONTH"=dword:00000007
"DAY"=dword:00000007
"HOUR"=dword:00000008
"MINUTE"=dword:0000002b
"SECOND"=dword:0000000e

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="!AVG Anti-Spyware"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"
"YEAR"=dword:000007d8
"MONTH"=dword:0000000c
"DAY"=dword:00000007
"HOUR"=dword:0000000f
"MINUTE"=dword:00000013
"SECOND"=dword:0000001c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\28c7e029]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="28c7e029"
"hkey"="HKCU"
"command"="rundll32.exe \"C:\\Users\\calvin\\AppData\\Local\\Temp\\uxjnqoka.dll\",b"
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000003
"DAY"=dword:00000004
"HOUR"=dword:00000011
"MINUTE"=dword:00000039
"SECOND"=dword:00000036

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000008
"DAY"=dword:00000012
"HOUR"=dword:00000012
"MINUTE"=dword:00000015
"SECOND"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AppleSyncNotifier"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"inimapping"="0"
"YEAR"=dword:000007d8
"MONTH"=dword:0000000c
"DAY"=dword:00000007
"HOUR"=dword:0000000f
"MINUTE"=dword:00000013
"SECOND"=dword:0000001c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:0000000b
"DAY"=dword:00000010
"HOUR"=dword:00000010
"MINUTE"=dword:00000000
"SECOND"=dword:0000000e

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehTray.exe"
"hkey"="HKCU"
"command"="C:\\Windows\\ehome\\ehTray.exe"
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000008
"DAY"=dword:00000012
"HOUR"=dword:00000012
"MINUTE"=dword:00000015
"SECOND"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Habu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Habu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Razer\\Habu\\razerhid.exe"
"inimapping"="0"
"YEAR"=dword:000007d8
"MONTH"=dword:00000007
"DAY"=dword:0000000c
"HOUR"=dword:00000000
"MINUTE"=dword:00000038
"SECOND"=dword:00000029

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000008
"DAY"=dword:00000012
"HOUR"=dword:00000012
"MINUTE"=dword:00000015
"SECOND"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
"YEAR"=dword:000007d8
"MONTH"=dword:0000000c
"DAY"=dword:00000007
"HOUR"=dword:0000000f
"MINUTE"=dword:00000013
"SECOND"=dword:0000001c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\JMB36X IDE Setup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="JMB36X IDE Setup"
"hkey"="HKLM"
"command"="C:\\Windows\\RaidTool\\xInsIDE.exe"
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000008
"DAY"=dword:00000012
"HOUR"=dword:00000012
"MINUTE"=dword:00000015
"SECOND"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000003
"DAY"=dword:00000004
"HOUR"=dword:00000011
"MINUTE"=dword:00000039
"SECOND"=dword:00000036

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSPService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSPService"
"hkey"="HKLM"
"command"="C:\\Program Files\\CyberLink\\MagicSports\\Kernel\\MagicSports\\MSPMirage.exe"
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000008
"DAY"=dword:00000012
"HOUR"=dword:00000012
"MINUTE"=dword:00000015
"SECOND"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Picasa Media Detector"
"hkey"="HKLM"
"command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:0000000c
"DAY"=dword:0000001c
"HOUR"=dword:0000000d
"MINUTE"=dword:0000001f
"SECOND"=dword:00000010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Profiler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Profiler"
"hkey"="HKLM"
"command"="C:\\Program Files\\Saitek\\Software\\ProfilerU.exe"
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000008
"DAY"=dword:00000012
"HOUR"=dword:00000012
"MINUTE"=dword:00000015
"SECOND"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QTEO Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QTEO Agent"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\28463\\QTEO.exe"
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000007
"DAY"=dword:00000007
"HOUR"=dword:00000008
"MINUTE"=dword:0000002b
"SECOND"=dword:0000000e

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"inimapping"="0"
"YEAR"=dword:000007d8
"MONTH"=dword:0000000c
"DAY"=dword:00000007
"HOUR"=dword:0000000f
"MINUTE"=dword:00000013
"SECOND"=dword:0000001c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Reclusa]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reclusa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Razer\\Reclusa\\razerhid.exe"
"inimapping"="0"
"YEAR"=dword:000007d8
"MONTH"=dword:00000007
"DAY"=dword:0000000c
"HOUR"=dword:00000000
"MINUTE"=dword:00000038
"SECOND"=dword:00000029

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxWatchTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RoxWatchTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\""
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000008
"DAY"=dword:00000012
"HOUR"=dword:00000012
"MINUTE"=dword:00000015
"SECOND"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SaiMfd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SaiMfd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Saitek\\Software\\SaiMfd.exe"
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000008
"DAY"=dword:00000012
"HOUR"=dword:00000012
"MINUTE"=dword:00000015
"SECOND"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpeedTouch USB Diagnostics"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"inimapping"="0"
"YEAR"=dword:000007d8
"MONTH"=dword:00000007
"DAY"=dword:0000000b
"HOUR"=dword:00000017
"MINUTE"=dword:00000035
"SECOND"=dword:0000000e

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"c:\\program files\\steam\\steam.exe\" -silent"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:0000000c
"DAY"=dword:0000001c
"HOUR"=dword:0000000d
"MINUTE"=dword:00000023
"SECOND"=dword:00000021

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:0000000b
"DAY"=dword:00000010
"HOUR"=dword:00000010
"MINUTE"=dword:00000000
"SECOND"=dword:0000000e

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec PIF AlertEng]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Symantec PIF AlertEng"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"inimapping"="0"
"YEAR"=dword:000007d8
"MONTH"=dword:00000007
"DAY"=dword:0000000b
"HOUR"=dword:00000017
"MINUTE"=dword:00000035
"SECOND"=dword:0000000e

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TomTom HOME\\TomTomHOME.exe\" -s"
"inimapping"="0"
"YEAR"=dword:000007d8
"MONTH"=dword:00000008
"DAY"=dword:0000000e
"HOUR"=dword:00000012
"MINUTE"=dword:00000038
"SECOND"=dword:00000010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\toolbar_eula_launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="toolbar_eula_launcher"
"hkey"="HKLM"
"command"="C:\\Program Files\\Packard Bell\\GOOGLE_EULA\\EULALauncher.exe"
"inimapping"="0"
"YEAR"=dword:000007d8
"MONTH"=dword:00000007
"DAY"=dword:0000000b
"HOUR"=dword:00000017
"MINUTE"=dword:00000035
"SECOND"=dword:0000000e

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Defender"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:0000000c
"DAY"=dword:0000001c
"HOUR"=dword:0000000d
"MINUTE"=dword:00000023
"SECOND"=dword:00000021

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"
"YEAR"=dword:000007d9
"MONTH"=dword:00000008
"DAY"=dword:00000012
"HOUR"=dword:00000012
"MINUTE"=dword:00000015
"SECOND"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"startup"=dword:00000002
"services"=dword:00000002



My computer doesn't seem to be acting any differently from what it usually does... slow, sluggish, and very prone to crashes and the like...

While looking through my Task Manager a few days ago I also noticed an excessive amount of SVChost.exe's running.. I am not sure if this is relevant or I have said it already... just thought I'd let you know in advance.


Makem.
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm
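
An added example, not part of the original posts: the startupreg export above holds the startup items that msconfig has disabled, each with its original Run key and a YEAR to SECOND timestamp. This parser decodes those entries, splits quoted and unquoted command lines, and groups items by the recorded time; all function names are hypothetical and the sample is trimmed from the export.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: three entries copied from the export in the post above,
# with the "inimapping" value dropped to keep the sample short.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"YEAR"=dword:000007d9
"MONTH"=dword:00000008
"DAY"=dword:00000012
"HOUR"=dword:00000012
"MINUTE"=dword:00000015
"SECOND"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\JMB36X IDE Setup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="JMB36X IDE Setup"
"hkey"="HKLM"
"command"="C:\\Windows\\RaidTool\\xInsIDE.exe"
"YEAR"=dword:000007d9
"MONTH"=dword:00000008
"DAY"=dword:00000012
"HOUR"=dword:00000012
"MINUTE"=dword:00000015
"SECOND"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Defender"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"
"YEAR"=dword:000007d7
"MONTH"=dword:0000000c
"DAY"=dword:0000001c
"HOUR"=dword:0000000d
"MINUTE"=dword:00000023
"SECOND"=dword:00000021
'''

EXE_END = re.compile(r"\.(exe|dll|com|bat|cmd|scr)(?=[\s,]|$)", re.I)
STAMP = ("YEAR", "MONTH", "DAY", "HOUR", "MINUTE", "SECOND")

def parse_reg(text):
    """Parse .reg text into {section: {name: str or int}}, undoing \\ and \" escapes."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if current is None or not m:
            continue
        name, value = m.groups()
        if value.startswith("dword:"):
            current[name] = int(value[6:], 16)
        elif len(value) >= 2 and value[0] == value[-1] == '"':
            current[name] = re.sub(r"\\(.)", r"\1", value[1:-1])
    return sections

def split_command(cmd):
    """Split a Run command line into (executable path, arguments)."""
    cmd = cmd.strip()
    end = cmd.find('"', 1)
    if cmd.startswith('"') and end != -1:
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_END.search(cmd)  # unquoted path that may contain spaces
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    return tuple(cmd.partition(" ")[::2])

def startup_entries(text):
    """Return one dict per MSConfig startupreg entry found in the export."""
    entries = []
    for section, vals in parse_reg(text).items():
        if "\\msconfig\\startupreg\\" not in section.lower():
            continue
        try:
            when = datetime(*(vals[k] for k in STAMP))
        except (KeyError, TypeError, ValueError):
            when = None  # incomplete or out-of-range timestamp
        exe, args = split_command(str(vals.get("command", "")))
        entries.append({"item": vals.get("item", "?"), "exe": exe, "args": args,
                        "origin": f'{vals.get("hkey", "?")}\\{vals.get("key", "?")}',
                        "disabled_at": when})
    return entries

def disable_sessions(entries):
    """Group item names by timestamp; a shared second means one msconfig pass."""
    groups = defaultdict(list)
    for e in entries:
        if e["disabled_at"] is not None:
            groups[e["disabled_at"]].append(e["item"])
    return sorted(groups.items())
```

Entries that share a timestamp down to the second were switched off in a single msconfig pass, which helps separate bulk clean-ups from items disabled individually.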

Re: Computer Running lots of uneeded processors (Slow PC)

Post by Wingman » November 27th, 2009, 4:40 pm

Hello Makem,

There are some files that I need to get more information on, so I'd like to run some online file scans.

Please do not make any changes to your system, run any "fix" programs and/or remove any files unless instructed to do so, by me.

Please read these instructions carefully before executing and then perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.


Step 1.
Please enable the Show Hidden Files and Folders option:
  1. Close all programs so that you are at your desktop.
  2. Press the Start button.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    control folders
      Depending on your view settings, choose one of these options:
    • Double-click on the Folder Options icon... then click on the View tab.
    • Click on the Appearance and Personalization link... then click on Show Hidden Files or Folders.
  5. SELECT...button Show hidden files and folders.
    under the "Hidden files and folders" section.
  6. Remove check mark from check box... Hide extensions for known file types.
  7. Remove check mark from check box... Hide protected operating system files.
  8. Press the Apply button...then the OK button.
Now Windows Vista is configured to show all hidden files.

Step 2.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Windows\System32\Drivers\spvn.sys
C:\Windows\System32\Drivers\abbdhlgb.SYS
C:\Windows\system32\28463\QTEO.exe


Using Jotti
  1. Choose the appropriate language... once a language is selected, you'll see a message "Ready to receive files"
  2. Please copy and paste... the above full path and file name(s)...in the text box next to the Browse button.
  3. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  4. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  5. When all scans have completed... Highlight the results text from the Jotti's malware scan box.
  6. Copy the selected text... Open Notepad... Paste the contents into Notepad... Save the file to a convenient place.
  7. Please repeat this procedure for each file listed above.
  8. Paste the contents of all the Jotti scan results in your next reply.

Using Virus Total
  1. Please copy and paste... the above full path and file name(s)...in the text box next to the Browse button.
  2. Click on Send File...button.
  3. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  4. When the scan is completed...press the "Compact" icon
  5. The results will be shown in a grid like window... right-click on the text, choose Select All, then Copy the entire contents.
  6. Open Notepad...Paste the result contents into the Notepad window...Save this file to a convenient place.
  7. Please repeat this procedure for each file listed above.
  8. Paste the contents of all the Virus Total results in your next reply.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Jotti or Virus Total scan results on 3 files
  3. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Computer Running lots of uneeded processors (Slow PC)

Post by makem2203 » November 28th, 2009, 5:04 pm

Hello Wingman. Thank you for getting back to me. Although, while following your step 2, I encountered a problem...


When I put the file path into Jotti or Virus Total, it gave me the following error message.

spvn.sys
File not found.
Check the file name and try again.


I got this error message on all of the requested file paths you requested to scan.

I tried all of the below file paths for scanning you asked...

C:\Windows\System32\Drivers\spvn.sys
C:\Windows\System32\Drivers\abbdhlgb.SYS
C:\Windows\system32\28463\QTEO.exe

The computer is still acting the same as last post.

Makem.
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm

Re: Computer Running lots of uneeded processors (Slow PC)

Post by Wingman » November 28th, 2009, 7:06 pm

Hello makem2203,

Thanks for your efforts. ;)
I meant to respond to your reference to the multiple occurrences of svchost.exe seen in Task manager... this is normal as this process houses multiple system processes and the number of occurrences can vary. I am running a minimal XP system and I have 7 occurrences in Task manager. Again this is normal and not a cause for concern.

Please do not make any changes to your system, run any "fix" programs and/or remove any files unless instructed to do so, by me.

Please read these instructions carefully before executing and then perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please print these instructions... your browser will be closed, so you will not have Internet access.

Step 1.
TFC (Temp File Cleaner)
  1. Please download TFC.exe...by Old Timer. Save it to your desktop.
    Print these instructions. Save any unsaved work. TFC will close ALL open programs... including your browser!
  2. Right click on TFC.exe and select Run As Administrator to run it. If Windows UAC prompts, please allow it.
  3. Click the Start button to begin the cleanup.
    TFC will begin cleaning up the "temp" files... it may take only a few seconds or it could be several minutes, depending on the amount of temp files found.
  4. If prompted to reboot... click Yes.
! Important ! If TFC prompts you to reboot, please do so immediately, before proceeding to any other steps or other use of your computer.

Step 2.
Malwarebytes' Anti-Malware
Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
Alternate download sites available here or here.
  1. Make sure you are connected to the Internet.
  2. Double-click on mbam-setup.exe to install the application.
    Using VISTA: Right-click on mbam-setup.exe, select "Run As Administrator" to install the application.
  3. When the installation begins, follow the prompts and do not make any changes to default settings.
  4. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
  1. Make sure the "Perform Quick Scan" option is selected.
  2. Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  4. Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
    When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  3. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Step 3.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 log files... will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. MBAM scan results
  3. RSIT log.txt and info.txt file contents
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Computer Running lots of uneeded processors (Slow PC)

Post by makem2203 » November 29th, 2009, 5:39 pm

Hello wingman!

Thank you for your post with your help, I do appreciate all you are doing for me.

Please include in your next reply:

1. Any problem executing the instructions?
2. MBAM scan results
3. RSIT log.txt and info.txt file contents
4. How is the computer behaving?




1. Any problem executing the instructions?
The only thing that threw me off was in the instructions on step 2, you specified the following:
# Click on the Show Results button to see a list of any malware that was found.
# Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


I am not sure if the scan did not come up with anything, this is then not applicable, as I did not have to do anything involving the "C:\System Volume Information folder".

2. MBAM scan results
Although, I did get a .txt from the scan and it is as follows:

Malwarebytes' Anti-Malware 1.41
Database version: 3258
Windows 6.0.6002 Service Pack 2

29/11/2009 21:14:54
mbam-log-2009-11-29 (21-14-54).txt

Scan type: Quick Scan
Objects scanned: 103594
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



RSIT log.txt and info.txt file contents
(I am sorry if you wanted me to post these two logs on separate posts, but you also told me to post this in my next post)

Logfile of random's system information tool 1.06 (written by random/random)
Run by calvin at 2009-11-29 21:18:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 216 GB (46%) free of 469 GB
Total RAM: 3070 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:47, on 29/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\calvin\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\calvin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/56.31/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1956764499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1956856774
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 6544 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Driver Robot.job
C:\Windows\tasks\Recovery DVD Creator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-09-11 264720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\Windows\System32\msconfig.exe [2008-01-19 227840]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
"SoundTray"=C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe [2007-09-27 53248]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-09 4186112]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-10-25 1302528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28c7e029]
C:\Users\calvin\AppData\Local\Temp\uxjnqoka.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Habu]
C:\Program Files\Razer\Habu\razerhid.exe [2007-05-11 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPService]
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe [2007-06-12 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-02-21 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
C:\Program Files\Saitek\Software\ProfilerU.exe [2005-10-18 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QTEO Agent]
C:\Windows\system32\28463\QTEO.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reclusa]
C:\Program Files\Razer\Reclusa\razerhid.exe [2007-03-07 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-01-11 232184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
C:\Program Files\Saitek\Software\SaiMfd.exe [2005-11-03 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe /icon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2009-11-06 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe [2007-05-15 3975848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
C:\PROGRA~1\Webshots\Launcher.exe [2008-08-15 157000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~1\Xfire\xfire.exe [2009-07-02 3190096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-11-29 21:18:45 ----D---- C:\rsit
2009-11-25 03:02:58 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 20:42:18 ----A---- C:\Windows\system32\msxml6.dll
2009-11-24 20:42:18 ----A---- C:\Windows\system32\msxml3.dll
2009-11-22 19:26:01 ----D---- C:\Program Files\Spring 1944
2009-11-14 20:56:34 ----D---- C:\Program Files\LogMeIn Hamachi
2009-11-12 00:57:13 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-11-10 17:02:11 ----D---- C:\Program Files\DAEMON Tools Lite
2009-11-10 17:01:54 ----D---- C:\Users\calvin\AppData\Roaming\DAEMON Tools Lite
2009-11-10 17:01:51 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-11-10 16:58:52 ----D---- C:\Program Files\2K Games
2009-11-10 16:57:48 ----D---- C:\BDS
2009-11-09 22:34:27 ----A---- C:\Windows\system32\javaws.exe
2009-11-09 22:34:27 ----A---- C:\Windows\system32\javaw.exe
2009-11-09 22:34:27 ----A---- C:\Windows\system32\java.exe
2009-11-08 00:12:23 ----D---- C:\Program Files\BitTornado
2009-11-06 22:29:24 ----D---- C:\Program Files\GIMP-2.0
2009-11-04 16:37:32 ----A---- C:\Windows\system32\mshtml.dll
2009-11-02 02:26:39 ----D---- C:\Program Files\Paint.NET

======List of files/folders modified in the last 1 months======

2009-11-29 21:18:47 ----D---- C:\Windows\Prefetch
2009-11-29 21:17:05 ----D---- C:\Windows\temp
2009-11-29 21:01:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-29 21:01:06 ----D---- C:\Windows\system32\drivers
2009-11-29 20:57:44 ----D---- C:\ProgramData\Kaspersky Lab
2009-11-29 20:56:40 ----D---- C:\ProgramData\NVIDIA
2009-11-29 20:54:38 ----D---- C:\Windows
2009-11-29 18:10:45 ----SHD---- C:\System Volume Information
2009-11-29 17:10:23 ----D---- C:\Windows\system32\catroot2
2009-11-29 17:10:17 ----D---- C:\Program Files\Steam
2009-11-29 03:03:36 ----SHD---- C:\Windows\Installer
2009-11-29 03:03:36 ----D---- C:\ProgramData\Microsoft Help
2009-11-28 02:57:30 ----D---- C:\Program Files\Cheat Engine
2009-11-27 00:02:08 ----D---- C:\Program Files\Spring Engine
2009-11-26 22:00:50 ----D---- C:\Program Files\Common Files\Steam
2009-11-25 17:38:17 ----D---- C:\Windows\rescache
2009-11-25 03:40:28 ----D---- C:\Windows\system32\en-US
2009-11-25 03:40:28 ----AD---- C:\Windows\System32
2009-11-25 03:04:00 ----D---- C:\Windows\winsxs
2009-11-25 03:03:30 ----D---- C:\Windows\system32\catroot
2009-11-22 19:26:01 ----RD---- C:\Program Files
2009-11-22 16:19:37 ----D---- C:\Windows\Minidump
2009-11-22 16:03:53 ----A---- C:\Windows\system32\pbsvc.exe
2009-11-18 01:33:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-12 04:50:43 ----D---- C:\Program Files\Windows Mail
2009-11-11 03:32:52 ----D---- C:\Users\calvin\AppData\Roaming\gtk-2.0
2009-11-10 17:55:22 ----D---- C:\Users\calvin\AppData\Roaming\Hamachi
2009-11-10 17:30:24 ----RSD---- C:\Windows\assembly
2009-11-10 17:27:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-10 17:27:43 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-10 17:11:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-10 17:01:51 ----HD---- C:\ProgramData
2009-11-09 22:34:07 ----D---- C:\Program Files\Java
2009-11-05 17:36:21 ----A---- C:\Windows\system32\mrt.exe
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-11-02 02:50:57 ----D---- C:\Windows\system32\Tasks
2009-11-01 04:23:42 ----SD---- C:\Users\calvin\AppData\Roaming\Microsoft
2009-10-30 18:30:33 ----D---- C:\Program Files\Mozilla Firefox
2009-10-30 17:05:49 ----D---- C:\Windows\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-06-15 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-09-11 280592]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
R2 WinFLdrv;WinFLdrv; C:\Windows\system32\WinFLdrv.sys [2009-08-19 10752]
R2 WinVd32;WinVd32; \??\C:\Windows\system32\WinVd32.sys [2009-08-19 180224]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-10-25 354304]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HabuFltr;Habu Mouse; C:\Windows\system32\drivers\habu.sys [2006-10-23 27776]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-14 9557216]
R3 RecFltr;Reclusa Keyboard; C:\Windows\System32\Drivers\RecFltr.sys [2007-01-18 41984]
R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2006-07-27 13824]
R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2006-07-27 35200]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S2 ASInsHelp;ASInsHelp; \??\C:\Windows\system32\drivers\AsInsHelp32.sys []
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\Windows\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\Windows\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 anjmjssy;anjmjssy; C:\Windows\system32\drivers\anjmjssy.sys []
S3 Cam5603D;BisonCam, NB Pro; C:\Windows\System32\Drivers\BisonCam.sys [2005-12-19 649088]
S3 catchme;catchme; \??\C:\Users\calvin\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-09 1655464]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SaiH075C;SaiH075C; C:\Windows\system32\DRIVERS\SaiH075C.sys [2006-07-27 176640]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys []
S3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Users\calvin\Desktop\SysProt\SysProtDrv.sys [2009-11-24 44288]
S3 tap0801;TAP-Win32 Adapter V8; C:\Windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-04-19 131368]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 12032]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-10-19 86016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-14 215584]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-03-06 266343]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-01-11 166648]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-11 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-26 320760]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

And next is the Info log you requested.

info.txt logfile of random's system information tool 1.06 2009-11-29 21:18:50

======Uninstall list======

-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA8A7C81-B0D0-422D-8FBD-BF2D25986667}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Shockwave Player-->MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AquaMark3-->C:\PROGRA~1\AQUAMA~1\UNWISE.EXE C:\PROGRA~1\AQUAMA~1\INSTALL.LOG
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
BisonCam, NB Pro-->Rundll32.exe BisonRem.dll,WinMainRmv
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Borderlands-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}\setup.exe" -l0x9 -removeonly
British Telecom-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *BT_GB*
Call of Duty 4: Modern Warfare-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7940
Call of Duty: World at War-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10090
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.5-->"C:\Program Files\Cheat Engine\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
D.I.P.R.I.P. Warm Up-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17530
Day of Defeat-->"C:\Program Files\Steam\steam.exe" steam://uninstall/30
dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DCXtended .9-->C:\Program Files\EA GAMES\Battlefield 1942\Mods\DC_Extended\uninstall.exe
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Firefox-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxGB*
Flash Player 9 Internet Explorer-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
GCFScape 1.7.3-->"C:\Program Files\GCFScape\unins000.exe"
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life-->"C:\Program Files\Steam\steam.exe" steam://uninstall/70
HDReg-->MsiExec.exe /I{AB7032FF-AFED-4C58-AA5C-8473B273793A}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.3.0-->"C:\Program Files\HLSW\unins000.exe"
Host OpenAL (ADI)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA8A7C81-B0D0-422D-8FBD-BF2D25986667}\setup.exe" -l0x9 /remove
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Insurgency-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17700
Internet From BT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE9033AD-CBAE-4EDF-989A-BC479FBC6F1F}\Setup.exe"
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) SE Development Kit 6 Update 16-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160160}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Online Scanner-->C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Left 4 Dead 2 Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/590
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{067EC517-9731-43FD-B4D5-296EE0027BBB}
Magic Sports-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *MagicSports*
MagicSports 3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5927AF0D-335C-41D6-937B-54587EBD6D2C}\setup.exe" -uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Men of War-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7830
Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft® Office Trial 2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFF2k7_UK*
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MTA:SA DM Developer Preview 2.3-->C:\Program Files\MTA San Andreas\Uninstall.exe
Natural Selection 3.2-->"c:\program files\steam\steamapps\makem\half-life\unins000.exe"
NS Training Public Beta 1.0-->"c:\program files\steam\steamapps\ryanl0210\half-life\nstraining\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
PC Wizard 2008.1.81-->"C:\Program Files\PC Wizard 2008\unins000.exe"
Peggle Extreme-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Picasa2-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Picasa_2*
PiraMod_30000.04-->"C:\Program Files\PiraMod\unins000.exe"
PremiumSoft Navicat MySQL 7.2-->"C:\Program Files\PremiumSoft\Navicat MySQL\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Razer Habu Config-->C:\Program Files\InstallShield Installation Information\{32CF189D-52BB-4C1C-8F93-97E8F3CDDC95}\setup.exe -runfromtemp -l0x0009 -removeonly
Razer Reclusa Config-->C:\Program Files\InstallShield Installation Information\{328591D2-4F59-4EE1-ABF1-7F47E90E31A1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Real Lives 2007-->C:\Program Files\Educational Simulations\Real Lives\UnInstall_21355.exe
Realtek HD Audio V6.0.1.5334-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO_REALTEK*
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roger Wilco-->C:\PROGRA~1\ROGERW~1\rwbs\UNWISE.EXE C:\PROGRA~1\ROGERW~1\rwbs\INSTALL.LOG
Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Saitek SST Programming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{967FB80D-56BD-42EF-A942-9E8C78F984A4}\Setup.exe" -l0x9 -removeonly
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_GB*
Shockwave player 10-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*
Silkroad-->C:\Program Files\Silkroad\Remove.Exe
Skype 2.5.2.151-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Skype™ Beta 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SmartFTP Client 2.5.1006.16-->"C:\Program Files\SmartFTP Client\unins000.exe"
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
Source SDK-->"C:\Program Files\Steam\steam.exe" steam://uninstall/211
Spring 1944 Lyuban (1.07)-->C:\Program Files\Spring 1944\uninst.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress Classic-->"C:\Program Files\Steam\steam.exe" steam://uninstall/20
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Theme Park World-->C:\Windows\IsUninst.exe -f"C:\Program Files\Bullfrog\Theme Park World\Uninst.isu" -c"C:\Program Files\Bullfrog\Theme Park World\uninst.dll" -BFLANG=2057
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
TortoiseSVN 1.6.0.15855 (32 bit)-->MsiExec.exe /X{AE6FB4CD-554F-4560-9A99-F8AE602414DB}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Valve Hammer Editor-->C:\PROGRA~1\VALVEH~1\UNWISE.EXE C:\PROGRA~1\VALVEH~1\INSTALL.LOG
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Video NVIDIA v162.22-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_NVIDIA*
VLC media player 1.0.0-rc3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Webshots Desktop-->"C:\Program Files\Webshots\unins000.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Zombie Panic! Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17500

=====HijackThis Backups=====

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-06-11]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2008-06-11]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-08-29]

======System event log======

Computer Name: Calvins-PC
Event Code: 1003
Message:
Record Number: 167847
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090911161236.000000-000
Event Type: Warning
User:

Computer Name: Calvins-PC
Event Code: 1004
Message: The DHCP Client service is shutting down. The following error occurred :
Access is denied.
Record Number: 167846
Source Name: Microsoft-Windows-DHCPv6-Client
Time Written: 20090911161236.000000-000
Event Type: Warning
User:

Computer Name: Calvins-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
i8042prt
Record Number: 167796
Source Name: Service Control Manager
Time Written: 20090911003152.000000-000
Event Type: Error
User:

Computer Name: Calvins-PC
Event Code: 7000
Message: The ASInsHelp service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 167758
Source Name: Service Control Manager
Time Written: 20090911003152.000000-000
Event Type: Error
User:

Computer Name: Calvins-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 167755
Source Name: Service Control Manager
Time Written: 20090911003152.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Calvins-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 19858
Source Name: WerSvc
Time Written: 20080528140447.000000-000
Event Type: Error
User:

Computer Name: Calvins-PC
Event Code: 3
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Record Number: 19856
Source Name: SecurityCenter
Time Written: 20080528140225.000000-000
Event Type: Error
User:

Computer Name: Calvins-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-982722604-1779561880-2959229312-1002_Classes:
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002_CLASSES
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002_CLASSES
Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002_CLASSES
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002_CLASSES\VirtualStore\MACHINE\SOFTWARE\Microsoft\Direct3D
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002_CLASSES\VirtualStore\MACHINE\SOFTWARE

Record Number: 19820
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080528041259.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Calvins-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
35 user registry handles leaked from \Registry\User\S-1-5-21-982722604-1779561880-2959229312-1002:

Record Number: 19819
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080528041258.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Calvins-PC
Event Code: 1000
Message: Faulting application hl.exe, version 1.1.1.1, time stamp 0x43712ff5, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x00067316, process id 0x1164, application start time 0x01c8c05e774897a5.
Record Number: 19797
Source Name: Application Error
Time Written: 20080528013843.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Calvins-PC
Event Code: 4904
Message: An attempt was made to register a security event source.

Subject :
Security ID: S-1-5-18
Account Name: CALVINS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0xdc0
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x2f22d8
Record Number: 30619
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081104205504.210539-000
Event Type: Audit Success
User:

Computer Name: Calvins-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 30618
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081104205321.084539-000
Event Type: Audit Success
User:

Computer Name: Calvins-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: CALVINS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x24c
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 30617
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081104205321.084539-000
Event Type: Audit Success
User:

Computer Name: Calvins-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: CALVINS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x24c
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 30616
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081104205321.084539-000
Event Type: Audit Success
User:

Computer Name: Calvins-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 30615
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081104205320.844539-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\TortoiseSVN\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


How is the computer behaving?

After I ran the TFC cleaner, on reboot I noticed a dramatic decrease in the time it took for Windows to start back up and let me log back in, not sure if this was intended but all is looking good in my opinion :P
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm

Re: Computer Running lots of uneeded processors (Slow PC)

Post by Wingman » December 1st, 2009, 1:39 pm

Hello makem2203,

The MBAM scan was clean... the reference to the System Volume was there in case there were any infections found in old System Restore points.
The System Restore point files reside on the System Volume. System Restore points are "chained" or linked together, removing a restore point may break the System Restore function to restore the computer to an earlier time. As your scan was clean, this is not an issue.

MSConfig ... some thoughts.
MSConfig (System Configuration Utility) is a troubleshooting utility used to diagnose and fix system configuration issues. In the Summary section Microsoft says:
"The System Configuration utility helps you find problems with your Windows XP configuration. It does not manage the programs that run when Windows starts."
Although it works as a basic startup manager, MSConfig should not be used routinely to disable auto-start programs. It is a temporary solution and not a good practice for the following reasons:
  • MSConfig allows malware related items to hide in your registry which you may not see or affect your computer until switched back to normal startup mode. This could then result in reinfection of the computer.
  • MSConfig does not list all applications loaded in all possible startup locations (some entry points are hidden and unknown to the user).
  • When uninstalling programs while disabled with MSConfig, they may not be uninstalled properly and manually editing the registry will be required to remove everything.
  • MSConfig will often leave orphaned entries when software is uninstalled. When used to switch back to normal startup mode, these orphan entries can result in boot up errors.
  • MSConfig only allows you to disable entries. To completely remove an entry from its list you have to edit the registry, or use a third-party tool like MSConfig Cleanup Utility or a startup manager.
You should not use MSConfig to disable startup applications related to services. Doing so alters the registry and there are services that are essential for hardware and booting your system. When you uncheck a service in MSConfig, you completely disable it. If you uncheck the wrong one, you may not be able to restart your computer. You should only disable services using the Services Management Console (services.msc) where you cannot disable services that may be vital to boot your system.

Black Viper's warning: Why can't I use MSConfig to change my services?
Note: Changing the default settings for services can be risky and might prevent key services from running correctly. Only change the status of a service if it is necessary.

A better alternative is to use a startup manager like:
  • Starter ... by CodeStuff - Win9x/Win2k/WinXP/Vista
  • Autoruns ... by Mark Russinovich and Bryce Cogswell - Win/XP and higher. Windows Server 2003 and higher.
  • Startup Control Panel ... by Mike Lin - Win9x/Win2k/WinXP/Vista
  • Startup Manager ... OpenSource - Win9x, WinME, Win2K, XP, Vista
  • StartEd Lite ... Win9x/Win2k/WinXP/Vista/Win7
For additional protection as well as managing startup items:
  • WinPatrol - Win 98 -thru- Windows 7 (including x64 systems)

Please do not make any changes to your system, run any "fix" programs and/or remove any files unless instructed to do so, by me.

Please read these instructions carefully before executing and then perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

  1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup.exe to run the install process. Install ERUNT by following the prompts.
    VISTA users must right-click erunt-setup.exe, select "Run As Administrator" to run the install process. Install by following prompts.
  3. Use the default install settings... say "NO" to the section that asks you to add ERUNT to the Start-Up folder. You can enable this later.
  4. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
    VISTA users must right-click the desktop icon, select "Run As Administrator" or start it at the end of the setup process.
  5. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  6. Make sure the first two check boxes are selected.
  7. Click on OK ... then click on "YES" to create the folder.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
    Vista users: Right-click on ERUNT in the menu, then select "Run As Administrator". If UAC prompts, please allow it.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
SReng - System Repair Engineer ...from KZTechs.COM.
Repair File Associations
If you already have SREng by Smallfrogs... when executed, it will check for any updated versions.
Download SREng ... © Smallfrogs ... save the .zip file to your desktop.
  1. Extract SREngLdr.EXE to your Desktop...then double-click to run it.
    Using VISTA: you must right click on SREngLdr.EXE, then select "Run As Administrator", to run it.
  2. Select System Repair from the left pane.
  3. Click on the File Association...tab.
  4. Check each entry that has an Error status...then click the Repair button.
  5. Refer to this image for an example:
    Image
  6. In the above example (only) ... it would be .TXT, .REG, .SCR and .INI file associations that need repairing.
    Your case may be different...
  7. Once finished... Close and Exit SREng.

Step 3.
Enable disabled entries in MSConfig
You must be using a logon with Administrative permissions.
I would like you to enable previously disabled entries by doing the following:
  1. Please click on START, then RUN,
    Using Vista, use the -Instant Search- entry box on the Start Menu.
  2. In the text entry box...please type msconfig...then press "OK".
    When the System Configuration window appears:
  3. Click on the Services tab ... then press the Enable All button.
  4. Click on the Startup tab ... then press the Enable All button.
  5. Then press "Apply" and "OK"...as needed, until you can exit the program. Reboot the computer now.

Step 4.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"... will be reproduced. <<will be maximized
  3. Please post ONLY the "log.txt" file contents in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. RSIT log.txt file contents
  3. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
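Step 3 re-enables what MSConfig had disabled and Step 4 re-runs RSIT, so the practical check is which autostart entries differ between the two HijackThis sections. The following is an added example (not part of the thread, RSIT or HijackThis) that parses `O4 - ...\Run: [name] command` lines and diffs two logs; the function names and both sample logs are constructed, using entries in the format seen in this thread.

```python
import re
from typing import NamedTuple

# HijackThis registry autostart line: "O4 - <location>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<location>\S+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
# Unquoted commands: the executable ends at the first executable extension
# that is followed by whitespace or end of line (paths may contain spaces).
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)(?P<args>.*)$",
                    re.IGNORECASE)


class StartupEntry(NamedTuple):
    location: str
    name: str
    executable: str
    args: str


def split_command(command):
    """Split a Run-key command line into (executable, arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    match = EXE_RE.match(command)
    if match:
        return match.group("exe"), match.group("args").strip()
    exe, _, args = command.partition(" ")  # fallback: first token
    return exe, args.strip()


def parse_o4(log_text):
    """Return every bracketed O4 autostart entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            exe, args = split_command(match.group("command"))
            entries.append(StartupEntry(match.group("location"),
                                        match.group("name"), exe, args))
    return entries


def msconfig_autorun_present(entries):
    """True when msconfig.exe /auto is itself registered as an autostart entry."""
    return any(e.executable.lower().endswith("\\msconfig.exe")
               and "/auto" in e.args.lower().split() for e in entries)


def diff_startup(before, after):
    """Compare two parsed logs by (location, value name), case-insensitively."""
    def index(entries):
        return {(e.location.lower(), e.name.lower()): e for e in entries}
    old, new = index(before), index(after)
    return {
        "added": sorted(new[k].name for k in new.keys() - old.keys()),
        "removed": sorted(old[k].name for k in old.keys() - new.keys()),
        "changed": sorted(new[k].name for k in new.keys() & old.keys()
                          if (new[k].executable.lower(), new[k].args)
                          != (old[k].executable.lower(), old[k].args)),
    }


# Constructed sample: a log taken while some entries were disabled in MSConfig ...
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
"""

# ... and a constructed log taken after "Enable All" and a reboot.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
"""

if __name__ == "__main__":
    before, after = parse_o4(BEFORE_LOG), parse_o4(AFTER_LOG)
    print("msconfig autorun present:", msconfig_autorun_present(after))
    for kind, names in diff_startup(before, after).items():
        print(f"{kind}: {names}")
```

Entries reported as added are the ones that only start again once MSConfig stops suppressing them, which is where orphaned or unexpected items would show up for review.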

Re: Computer Running lots of uneeded processors (Slow PC)

Post by makem2203 » December 3rd, 2009, 7:34 pm

Hello Wingman, sorry for the late response....

I had no problems executing your instructions. :)

log is below:

Logfile of random's system information tool 1.06 (written by random/random)
Run by calvin at 2009-12-03 23:28:31
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 211 GB (45%) free of 469 GB
Total RAM: 3070 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:23, on 03/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Reclusa\razerhid.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Xfire\Xfire.exe
C:\Users\calvin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\calvin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QTEO Agent] C:\Windows\system32\28463\QTEO.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [28c7e029] rundll32.exe "C:\Users\calvin\AppData\Local\Temp\uxjnqoka.dll",b
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/56.31/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1956764499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1956856774
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 9999 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Driver Robot.job
C:\Windows\tasks\Recovery DVD Creator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-09-11 264720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\Windows\System32\msconfig.exe [2008-01-19 227840]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
"SoundTray"=C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe [2007-09-27 53248]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-09 4186112]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-10-25 1302528]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME\TomTomHOME.exe [2007-05-15 3975848]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe /icon []
"SaiMfd"=C:\Program Files\Saitek\Software\SaiMfd.exe [2005-11-03 126976]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-01-11 232184]
"Reclusa"=C:\Program Files\Razer\Reclusa\razerhid.exe [2007-03-07 167936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"QTEO Agent"=C:\Windows\system32\28463\QTEO.exe []
"Profiler"=C:\Program Files\Saitek\Software\ProfilerU.exe [2005-10-18 163840]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-02-21 366400]
"MSPService"=C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe [2007-06-12 102400]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Habu"=C:\Program Files\Razer\Habu\razerhid.exe [2007-05-11 176128]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"Steam"=c:\program files\steam\steam.exe [2009-11-06 1217808]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"28c7e029"=C:\Users\calvin\AppData\Local\Temp\uxjnqoka.dll,b []

C:\Users\calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe
Xfire.lnk - C:\Program Files\Xfire\xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-12-03 23:26:12 ----D---- C:\Users\calvin\AppData\Roaming\Webshots
2009-12-03 23:03:31 ----D---- C:\Program Files\ERUNT
2009-11-30 19:33:46 ----A---- C:\Windows\system32\xfcodec.dll
2009-11-29 21:18:45 ----D---- C:\rsit
2009-11-25 03:02:58 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 20:42:18 ----A---- C:\Windows\system32\msxml6.dll
2009-11-24 20:42:18 ----A---- C:\Windows\system32\msxml3.dll
2009-11-22 19:26:01 ----D---- C:\Program Files\Spring 1944
2009-11-14 20:56:34 ----D---- C:\Program Files\LogMeIn Hamachi
2009-11-12 00:57:13 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-11-10 17:02:11 ----D---- C:\Program Files\DAEMON Tools Lite
2009-11-10 17:01:54 ----D---- C:\Users\calvin\AppData\Roaming\DAEMON Tools Lite
2009-11-10 17:01:51 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-11-10 16:58:52 ----D---- C:\Program Files\2K Games
2009-11-10 16:57:48 ----D---- C:\BDS
2009-11-09 22:34:27 ----A---- C:\Windows\system32\javaws.exe
2009-11-09 22:34:27 ----A---- C:\Windows\system32\javaw.exe
2009-11-09 22:34:27 ----A---- C:\Windows\system32\java.exe
2009-11-08 00:12:23 ----D---- C:\Program Files\BitTornado
2009-11-06 22:29:24 ----D---- C:\Program Files\GIMP-2.0
2009-11-04 16:37:32 ----A---- C:\Windows\system32\mshtml.dll

======List of files/folders modified in the last 1 months======

2009-12-03 23:28:51 ----D---- C:\Windows\temp
2009-12-03 23:28:42 ----D---- C:\Windows\Prefetch
2009-12-03 23:28:01 ----D---- C:\ProgramData\Xfire
2009-12-03 23:27:40 ----D---- C:\Program Files\Xfire
2009-12-03 23:27:07 ----D---- C:\Program Files\Steam
2009-12-03 23:26:55 ----D---- C:\Users\calvin\AppData\Roaming\Xfire
2009-12-03 23:26:21 ----D---- C:\ProgramData\Kaspersky Lab
2009-12-03 23:14:03 ----D---- C:\ProgramData\NVIDIA
2009-12-03 23:11:48 ----D---- C:\Windows\pss
2009-12-03 23:06:34 ----D---- C:\Windows\ERDNT
2009-12-03 23:03:31 ----RD---- C:\Program Files
2009-12-03 13:47:05 ----SHD---- C:\Windows\Installer
2009-12-03 13:47:04 ----D---- C:\ProgramData\Microsoft Help
2009-12-03 13:44:13 ----SHD---- C:\System Volume Information
2009-12-01 17:19:47 ----D---- C:\Users\calvin\AppData\Roaming\TeamViewer
2009-11-29 21:01:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-29 21:01:06 ----D---- C:\Windows\system32\drivers
2009-11-29 20:54:38 ----D---- C:\Windows
2009-11-29 17:10:23 ----D---- C:\Windows\system32\catroot2
2009-11-27 00:02:08 ----D---- C:\Program Files\Spring Engine
2009-11-26 22:00:50 ----D---- C:\Program Files\Common Files\Steam
2009-11-25 17:38:17 ----D---- C:\Windows\rescache
2009-11-25 03:40:28 ----D---- C:\Windows\system32\en-US
2009-11-25 03:40:28 ----AD---- C:\Windows\System32
2009-11-25 03:04:00 ----D---- C:\Windows\winsxs
2009-11-25 03:03:30 ----D---- C:\Windows\system32\catroot
2009-11-22 16:19:37 ----D---- C:\Windows\Minidump
2009-11-22 16:03:53 ----A---- C:\Windows\system32\pbsvc.exe
2009-11-18 01:33:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-12 04:50:43 ----D---- C:\Program Files\Windows Mail
2009-11-11 03:32:52 ----D---- C:\Users\calvin\AppData\Roaming\gtk-2.0
2009-11-10 17:55:22 ----D---- C:\Users\calvin\AppData\Roaming\Hamachi
2009-11-10 17:30:24 ----RSD---- C:\Windows\assembly
2009-11-10 17:27:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-10 17:27:43 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-10 17:11:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-10 17:01:51 ----HD---- C:\ProgramData
2009-11-09 22:34:07 ----D---- C:\Program Files\Java
2009-11-05 17:36:21 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-06-15 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-09-11 280592]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
R2 WinFLdrv;WinFLdrv; C:\Windows\system32\WinFLdrv.sys [2009-08-19 10752]
R2 WinVd32;WinVd32; \??\C:\Windows\system32\WinVd32.sys [2009-08-19 180224]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-10-25 354304]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HabuFltr;Habu Mouse; C:\Windows\system32\drivers\habu.sys [2006-10-23 27776]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-14 9557216]
R3 RecFltr;Reclusa Keyboard; C:\Windows\System32\Drivers\RecFltr.sys [2007-01-18 41984]
R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2006-07-27 13824]
R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2006-07-27 35200]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S2 ASInsHelp;ASInsHelp; \??\C:\Windows\system32\drivers\AsInsHelp32.sys []
S3 ai9fjyw9;ai9fjyw9; C:\Windows\system32\drivers\ai9fjyw9.sys []
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\Windows\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\Windows\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 Cam5603D;BisonCam, NB Pro; C:\Windows\System32\Drivers\BisonCam.sys [2005-12-19 649088]
S3 catchme;catchme; \??\C:\Users\calvin\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-09 1655464]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SaiH075C;SaiH075C; C:\Windows\system32\DRIVERS\SaiH075C.sys [2006-07-27 176640]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys []
S3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Users\calvin\Desktop\SysProt\SysProtDrv.sys [2009-11-24 44288]
S3 tap0801;TAP-Win32 Adapter V8; C:\Windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-04-19 131368]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 12032]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-10-19 86016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-14 215584]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-03-06 266343]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-01-11 166648]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-11 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-26 320760]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

My computer is behaving very slow.. I'm guessing it's due to all of the programs that started on boot... so is there any specific start up manager you find is better than the others you suggested? If so, do I need to notify you on what I am doing (with the start up manager)?
makem2203

Re: Computer Running lots of uneeded processors (Slow PC)

by Wingman » December 4th, 2009, 3:18 pm

Hello makem2203,

You have quite a few applications that are started when you first boot your computer. Many of these can be started manually, when you need their functionality. I will provide a list of these programs, so that you can decide whether they should be included in the Startup process. Then there are several methods we could use to eliminate them from starting when you boot your machine.
I have used both Startup Control Panel by Mike Lin and WinPatrol. I prefer WinPatrol because it has some additional protection features.
Please DO NOT install any Startup Manager process yet.

Please, I must strongly urge you to not make any changes to your system, by adding/ removing software, running any "fix" programs and/or removing any files unless instructed to do so, by me.

Please read these instructions carefully before executing and then perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.


Step 1.
ERUNT - Emergency Recovery Utility NT
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
    Vista users: Right-click on ERUNT in the menu, then select "Run As Administrator". If UAC prompts, please allow it.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration, the "Registry backup is complete!" pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
OTM
  1. Please download OTM.exe...by Old Timer. Save it to your desktop.
  2. Right click on OTM.exe and select Run As Administrator to run it. If Windows UAC prompts, please allow it.
  3. Please copy and paste the text in the Code box below, into OTM (1).
    Please refer to the OTM screen image below, for reference.
    Warning: Do not type it out... errors could damage your machine.
    Code:
    :Processes
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"=-
    "QTEO Agent"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "28c7e029"=-
    :Files
    C:\Windows\system32\28463
    C:\Users\calvin\AppData\Local\Temp\uxjnqoka.dll
    C:\Program Files\BitTornado
    :Commands
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
    


    Please refer to this image to use OTM.

    Image

  4. Check the box "Unregister Dll's and OCX's"... if not checked.
  5. Click on MoveIt! (2)
  6. The end results of the processing will be in 2 places:
    • The Results window on the right side of the OTM screen.
    • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"
  7. Copy all the text from the Results window... Open Notepad, paste the OTM results into the Notepad file, save it on your desktop.
  8. Click Exit (3) when done.
  9. Please paste the entire content from the OTM (Results) window (Notepad file) or the OTM log file, in your next reply.
NOTE: If your computer did not automatically reboot... please reboot it (normally) now!

Step 3.
Kaspersky Online Scanner.
Vista users:
Please right-click either the IE or FF Start Menu or Quick Launch Bar icons... select Run As Administrator from the context menu.

Please go to Kaspersky Online Virus Scanner © Kaspersky Lab to perform an online antivirus scan.
  1. Read the "Advantages - Requirements and Limitations" then press... the ACCEPT...button.
    The latest program and definition files will be downloaded. It takes time, please be patient, let it finish.
  2. Once the files have been downloaded, click on the SETTINGS...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the SAVE...button, if you made any changes.
  3. Now under the Scan section on the left:
      Select My Computer
    The program will start scanning your system. This takes a while, be patient... let it run.
    Once the scan is complete it will display if your system has been infected.
  4. Save the scan results as a Text file ... save it to your desktop.
  5. Copy and paste the saved scan results file in your next reply.

Step 4.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt" will be reproduced (<< will be maximized).
  3. Please post ONLY the "log.txt" file contents in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTM results.
  3. KAS online scan results.
  4. RSIT log.txt file contents.
  5. How is the computer behaving?
Thanks,
Wingman
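A sketch of the autostart triage that sits behind a fix like the one above, as an added example that is not part of the original posts and not the helper's own tooling: it parses HijackThis O4 lines and applies four generic heuristics chosen for this illustration. The rule names, the `triage` function and the trusted-root list (which assumes the system drive is C:) are assumptions; the sample lines are excerpted from the log posted earlier in the thread.

```python
import re
from dataclasses import dataclass

# Excerpt of O4 (autostart) lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QTEO Agent] C:\Windows\system32\28463\QTEO.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [28c7e029] rundll32.exe "C:\Users\calvin\AppData\Local\Temp\uxjnqoka.dll",b
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
'''

# "O4 - HKLM\..\Run: [name] command" and "O4 - Startup: name = command"
REG_RUN = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
STARTUP = re.compile(r'^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Drive-letter paths ending in an executable extension; tolerates spaces and quotes.
PATH = re.compile(r'[A-Za-z]:\\.+?\.(?:exe|dll|scr|com|bat|cmd)\b', re.I)

# Heuristics for this example only (assumptions, not rules stated in the thread).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
TEMP_DIR = re.compile(r'\\temp\\', re.I)
NUMERIC_SYS_SUBDIR = re.compile(r'\\system32\\\d+\\', re.I)
HEX_NAME = re.compile(r'^[0-9a-f]{8}$', re.I)
RUNDLL32 = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?\b', re.I)


@dataclass
class Autorun:
    location: str  # e.g. "HKCU Run" or "Startup"
    name: str      # registry value name or shortcut name
    command: str   # command line exactly as logged


def parse_o4(line):
    """Return an Autorun for an O4 line, or None for any other line."""
    m = REG_RUN.match(line)
    if m:
        return Autorun(f"{m['hive']} {m['key']}", m['name'], m['cmd'])
    m = STARTUP.match(line)
    if m:
        return Autorun(m['key'], m['name'], m['cmd'])
    return None


def reasons_for(entry):
    """List the heuristic codes an entry trips; an empty list means no match."""
    paths = PATH.findall(entry.command)
    reasons = []
    if any(TEMP_DIR.search(p) for p in paths):
        reasons.append("temp-dir")
    if any(NUMERIC_SYS_SUBDIR.search(p) for p in paths):
        reasons.append("numeric-system32-subdir")
    if RUNDLL32.match(entry.command):
        # Everything except rundll32 itself is what it is being asked to load.
        loaded = [p for p in paths if not p.lower().endswith("rundll32.exe")]
        if any(not p.lower().startswith(TRUSTED_ROOTS) for p in loaded):
            reasons.append("rundll32-untrusted-dll")
    if HEX_NAME.match(entry.name):
        reasons.append("hex-value-name")
    return reasons


def triage(log_text):
    """Return [(entry name, [reason codes])] for O4 entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```

On the excerpt this flags `QTEO Agent` and `28c7e029`, two of the three Run values deleted in the fix; the `MSConfig` value is not matched by these rules. A match is a prompt for closer inspection of the file, not a verdict.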

Re: Computer Running lots of uneeded processors (Slow PC)

by makem2203 » December 4th, 2009, 4:53 pm

Hello Wingman, while following your instructions I ran into a problem on step 3.

While downloading the Kaspersky 7.0 scanner's files.. it encountered an error.. there is a screenshot below:
Image



Would you like for me to skip this step and continue with your steps 4 and 5?

Also, here is the log that you needed for step 2:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QTEO Agent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\28c7e029 deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\28463 not found.
File/Folder C:\Users\calvin\AppData\Local\Temp\uxjnqoka.dll not found.
C:\Program Files\BitTornado folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: calvin
->Temp folder emptied: 2231320 bytes
->Temporary Internet Files folder emptied: 32369589 bytes
->Java cache emptied: 14399331 bytes
->FireFox cache emptied: 89155955 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 750262 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 132.53 mb


OTM by OldTimer - Version 3.1.2.0 log created on 12042009_203926

Files moved on Reboot...

Registry entries deleted on Reboot...


Thank you for your help so far,

Makem.
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm
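
When reviewing an OTM log like the one posted above, the useful split is which targets were removed and which were reported "not found", so the latter can be confirmed against the next RSIT log. The following is an added example, not part of the original thread and not OldTimer's code; the sample is an excerpt of the posted log, and the patterns cover only the line shapes that appear in it.

```python
import re

# Excerpt of the OTM log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\28c7e029 deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\28463 not found.
File/Folder C:\Users\calvin\AppData\Local\Temp\uxjnqoka.dll not found.
C:\Program Files\BitTornado folder moved successfully.
========== COMMANDS ==========
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
# Assumption: only the three line shapes seen in the posted log are recognised.
OUTCOMES = [
    (re.compile(r"^Registry value (.+) deleted successfully\.$"), "deleted"),
    (re.compile(r"^File/Folder (.+) not found\.$"), "not_found"),
    (re.compile(r"^(.+) folder moved successfully\.$"), "moved"),
]

def parse_otm_log(text):
    """Return (section, outcome, target) tuples for the REGISTRY and FILES sections."""
    section, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section not in ("REGISTRY", "FILES"):
            continue  # process and command output is not a removal result
        for pattern, outcome in OUTCOMES:
            hit = pattern.match(line)
            if hit:
                rows.append((section, outcome, hit.group(1)))
                break
        else:
            # Keep unknown lines visible instead of silently dropping them.
            rows.append((section, "unparsed", line))
    return rows

def needs_follow_up(rows):
    """Targets the tool did not act on; check these in the next scan log."""
    return [target for _, outcome, target in rows if outcome in ("not_found", "unparsed")]
```
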