
Topic: poor start up. and slow


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: poor start up. and slow
« Reply #15 on: November 16, 2010, 12:49:26 PM »
What browser are you using? If you're using Firefox, right-click on the link and choose "Save Link As". Then you will get a box. Choose the desktop as the download location and change the name at the bottom.
Windows 8 and Windows 10 dual boot with two SSD's

mkkandb53

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: poor start up. and slow
    « Reply #16 on: November 16, 2010, 04:06:04 PM »
    still won't run. followed all the prompts

    SuperDave

    Re: poor start up. and slow
    « Reply #17 on: November 17, 2010, 11:48:41 AM »
    Quote from mkkandb53: still won't run. followed all the prompts
    What do you mean? Still can't save it to your desktop or it won't run after you saved it?

    mkkandb53

      Re: poor start up. and slow
      « Reply #18 on: November 17, 2010, 05:38:31 PM »
      Still can't save as another name, and it downloads to the desktop as combofix and will not run. Program opens but then just hangs. No window prompts that it's doing anything. I've left it open for hours and still nothing... just freezes. I have to shut down and restart.

      SuperDave

      Re: poor start up. and slow
      « Reply #19 on: November 18, 2010, 12:10:59 PM »
      Ok. Let's try something else.

      Download OTL to your Desktop
      • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
      • Under the Custom Scan box paste this in
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      c:\$recycle.bin\*.* /s
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      nvstor32.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      explorer.exe
      svchost.exe
      userinit.exe
      qmgr.dll
      ws2_32.dll
      proquota.exe
      imm32.dll
      kernel32.dll
      ndis.sys
      autochk.exe
      spoolsv.exe
      xmlprov.dll
      ntmssvc.dll
      mswsock.dll
      Beep.SYS
      ntfs.sys
      termsrv.dll
      sfcfiles.dll
      st3shark.sys
      ahcix86.sys
      srsvc.dll
      nvrd32.sys
      /md5stop
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles

      • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
        • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
        • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

      mkkandb53

        Re: poor start up. and slow
        « Reply #20 on: November 18, 2010, 05:49:46 PM »
        here they are dave thanks
        OTL logfile created on: 11/18/2010 6:55:28 PM - Run 1
        OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Owner\Desktop
        Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
        Internet Explorer (Version = 7.0.5730.13)
        Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
         
        1,022.00 Mb Total Physical Memory | 379.00 Mb Available Physical Memory | 37.00% Memory free
        1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
        Paging file location(s): C:\pagefile.sys 384 768 [binary data]
         
        %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
        Drive C: | 464.83 Gb Total Space | 380.46 Gb Free Space | 81.85% Space Free | Partition Type: NTFS
         
        Computer Name: DESKTOP | User Name: Owner | Logged in as Administrator.
        Boot Mode: Normal | Scan Mode: Current user | Quick Scan
        Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
         
        ========== Processes (SafeList) ==========
         
        PRC - [2010/11/18 18:54:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
        PRC - [2010/11/18 16:37:00 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
        PRC - [2010/11/18 16:36:58 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
        PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
        PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
        PRC - [2010/06/24 09:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
        PRC - [2010/05/17 10:16:52 | 000,177,600 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
        PRC - [2010/03/18 14:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
        PRC - [2010/02/14 14:02:55 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
        PRC - [2008/08/26 18:16:56 | 000,167,936 | ---- | M] (Emery Info-Engineering <[email protected]>) -- C:\WINDOWS\system32\SWEEPER.EXE
        PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
        PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
         
         
        ========== Modules (SafeList) ==========
         
        MOD - [2010/11/18 18:54:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
        MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
         
         
        ========== Win32 Services (SafeList) ==========
         
        SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
        SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
        SRV - File not found [Disabled | Stopped] -- C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
        SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
        SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
        SRV - [2010/11/18 16:36:58 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
        SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
        SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
        SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
        SRV - [2010/06/24 09:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
        SRV - [2010/03/18 14:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
        SRV - [2010/02/24 19:00:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
        SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
        SRV - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
         
         
        ========== Driver Services (SafeList) ==========
         
        DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys -- (BOCDRIVE)
        DRV - [2010/11/04 15:54:27 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
        DRV - [2010/09/14 03:44:34 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
        DRV - [2010/09/14 03:44:34 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
        DRV - [2010/09/14 03:44:34 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
        DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
        DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
        DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
        DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
        DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
        DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
        DRV - [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
        DRV - [2010/02/24 14:06:36 | 000,173,328 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
        DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
        DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
        DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
        DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
        DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
        DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
        DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
        DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
        DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
        DRV - [2006/12/10 16:43:59 | 000,062,865 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
        DRV - [2006/12/04 10:52:10 | 000,323,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAV192.X86.SYS -- (USBAV192.X86)
        DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
        DRV - [2005/08/15 10:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
        DRV - [2005/08/15 10:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
        DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
        DRV - [2004/06/17 23:41:16 | 000,386,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netwg311.sys -- (netwg311)
        DRV - [2004/04/12 03:05:55 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
        DRV - [2004/04/12 03:05:55 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
        DRV - [2004/02/20 16:13:58 | 000,017,217 | R--- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
        DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
        DRV - [2003/06/30 21:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
        DRV - [2001/08/17 16:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
         
         
        ========== Standard Registry (SafeList) ==========
         
         
        ========== Internet Explorer ==========
         
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
         
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
        IE - HKCU\..\URLSearchHook: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
         
        ========== FireFox ==========
         
        FF - prefs.js..browser.search.defaultenginename: "Google"
        FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
        FF - prefs.js..browser.search.suggest.enabled: false
        FF - prefs.js..browser.search.update: false
        FF - prefs.js..browser.search.useDBForOrder: true
        FF - prefs.js..browser.startup.homepage: "http://www.google.com"
        FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
        FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
        FF - prefs.js..extensions.enabledItems: [email protected]:1.0
         
         
        FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/19 18:36:49 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files\K-Meleon\Plugins [2010/09/08 18:12:08 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files\K-Meleon\Components [2010/09/08 18:12:32 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/29 14:07:42 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/12 17:10:14 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/08/22 16:33:34 | 000,000,000 | ---D | M]
         
        [2010/03/13 12:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
        [2010/01/13 19:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
        [2010/03/13 12:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
        [2010/11/16 19:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52u6srnc.default\extensions
        [2009/09/02 16:47:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52u6srnc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        [2010/09/06 15:32:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52u6srnc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
        [2009/04/19 16:32:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52u6srnc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
        [2010/04/01 03:54:14 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52u6srnc.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
        [2010/03/31 18:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52u6srnc.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
        [2009/09/10 18:08:35 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52u6srnc.default\searchplugins\demonoid-torrent-pool.xml
        [2010/11/16 19:17:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
        [2010/09/12 17:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
        [2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
        [2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
         
        O1 HOSTS File: ([2009/05/17 11:10:54 | 000,000,698 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
        O1 - Hosts: 127.0.0.1 localhost
        O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
        O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
        O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
        O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
        O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
        O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
        O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
        O3 - HKCU\..\Toolbar\WebBrowser: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
        O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
        O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
        O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
        O4 - HKLM..\Run: [Internet Sweeper] C:\WINDOWS\System32\SWEEPER.EXE (Emery Info-Engineering <[email protected]>)
        O4 - HKLM..\Run: [KernelFaultCheck]  File not found
        O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
        O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
        O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
        O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
        O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195937349625 (MUWebControl Class)
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
        O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
        O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
        O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.16 68.105.29.16
        O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
        O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
        O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
        O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
        O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
        O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
        O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
        O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
        O32 - HKLM CDRom: AutoRun - 1
        O32 - AutoRun File - [2007/08/22 17:04:11 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
        O33 - MountPoints2\{223d93e4-2ea7-11df-a3f9-000d56c8e596}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
        O33 - MountPoints2\{fb8bae00-6911-11df-a446-000d56c8e596}\Shell - "" = AutoRun
        O33 - MountPoints2\{fb8bae00-6911-11df-a446-000d56c8e596}\Shell\AutoRun - "" = Auto&Play
        O33 - MountPoints2\{fb8bae00-6911-11df-a446-000d56c8e596}\Shell\AutoRun\command - "" = F:\MI.exe -- File not found
        O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
        O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
        O35 - HKLM\..comfile [open] -- "%1" %*
        O35 - HKLM\..exefile [open] -- "%1" %*
        O37 - HKLM\...com [@ = comfile] -- "%1" %*
        O37 - HKLM\...exe [@ = exefile] -- "%1" %*
        O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
         
        NetSvcs: 6to4 -  File not found
        NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
        NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
        NetSvcs: Ias -  File not found
        NetSvcs: Iprip -  File not found
        NetSvcs: Irmon -  File not found
        NetSvcs: NWCWorkstation -  File not found
        NetSvcs: WmdmPmSp -  File not found
         
        MsConfig - Services: "EPSON_PM_RPCV4_01"
        MsConfig - Services: "NBService"
        MsConfig - Services: "LightScribeService"
        MsConfig - Services: "ERSvc"
        MsConfig - Services: "CTCommunicationService"
        MsConfig - Services: "CometBatchReportService"
        MsConfig - Services: "WMPNetworkSvc"
        MsConfig - Services: "WinDefend"
        MsConfig - Services: "SQLWriter"
        MsConfig - Services: "SQLBrowser"
        MsConfig - Services: "ose"
        MsConfig - Services: "NMIndexingService"
        MsConfig - Services: "MSSQL$SQLEXPRESS"
        MsConfig - Services: "Maxtor Sync Service"
        MsConfig - Services: "Lavasoft Ad-Aware Service"
        MsConfig - Services: "JavaQuickStarterService"
        MsConfig - Services: "gusvc"
        MsConfig - Services: "idsvc"
        MsConfig - Services: "gupdate1ca3f7e131e347a"
        MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
        MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe - (Adobe Systems Incorporated)
        MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - Reg Error: Value error. - File not found
        MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk - Reg Error: Value error. - File not found
        MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe - (Hewlett-Packard)
        MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
        MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
        MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
        MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
        MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
        MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - Reg Error: Value error. File not found
        MsConfig - StartUpReg: BCMSMMSG - hkey= - key= - C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
        MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
        MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\BitTorrent_DNA\dna.exe ()
        MsConfig - StartUpReg: BOC-427 - hkey= - key= - Reg Error: Value error. File not found
        MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
        MsConfig - StartUpReg: EasyLinkAdvisor - hkey= - key= - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
        MsConfig - StartUpReg: EPSON PictureMate PM 240 - hkey= - key= -  File not found
        MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
        MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
        MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= -  File not found
        MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
        MsConfig - StartUpReg: Internet Sweeper - hkey= - key= -  File not found
        MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= -  File not found
        MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
        MsConfig - StartUpReg: MsgCenterExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe (RealNetworks, Inc.)
        MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\MSMSGS.EXE File not found
        MsConfig - StartUpReg: mxomssmenu - hkey= - key= - C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
        MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
        MsConfig - StartUpReg: RegistryMechanic - hkey= - key= - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
        MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
        MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
        MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - Reg Error: Value error. File not found
        MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
        MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
        MsConfig - StartUpReg: Windows Defender - hkey= - key= - Reg Error: Value error. File not found
        MsConfig - State: "system.ini" - 0
        MsConfig - State: "win.ini" - 0
        MsConfig - State: "bootini" - 0
        MsConfig - State: "services" - 2
        MsConfig - State: "startup" - 1
         
        SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
        SafeBootMin: Base - Driver Group
        SafeBootMin: Boot Bus Extender - Driver Group
        SafeBootMin: Boot file system - Driver Group
        SafeBootMin: File system - Driver Group
        SafeBootMin: Filter - Driver Group
        SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
        SafeBootMin: PCI Configuration - Driver Group
        SafeBootMin: PEVSystemStart - Service
        SafeBootMin: PNP Filter - Driver Group
        SafeBootMin: Primary disk - Driver Group
        SafeBootMin: procexp90.Sys - Driver
        SafeBootMin: SCSI Class - Driver Group
        SafeBootMin: sermouse.sys - Driver
        SafeBootMin: System Bus Extender - Driver Group
        SafeBootMin: vds - Service
        SafeBootMin: vga.sys - Driver
        SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
        SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
         
        SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
        SafeBootNet: Base - Driver Group
        SafeBootNet: Boot Bus Extender - Driver Group
        SafeBootNet: Boot file system - Driver Group
        SafeBootNet: File system - Driver Group
        SafeBootNet: Filter - Driver Group
        SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
        SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
        SafeBootNet: NDIS Wrapper - Driver Group
        SafeBootNet: NetBIOSGroup - Driver Group
        SafeBootNet: NetDDEGroup - Driver Group
        SafeBootNet: Network - Driver Group
        SafeBootNet: NetworkProvider - Driver Group
        SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
        SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
        SafeBootNet: PCI Configuration - Driver Group
        SafeBootNet: PEVSystemStart - Service
        SafeBootNet: PNP Filter - Driver Group
        SafeBootNet: PNP_TDI - Driver Group
        SafeBootNet: Primary disk - Driver Group
        SafeBootNet: procexp90.Sys - Driver
        SafeBootNet: SCSI Class - Driver Group
        SafeBootNet: sermouse.sys - Driver
        SafeBootNet: Streams Drivers - Driver Group
        SafeBootNet: System Bus Extender - Driver Group
        SafeBootNet: TDI - Driver Group
        SafeBootNet: UploadMgr - Service
        SafeBootNet: vga.sys - Driver
        SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
        SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
        SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
        SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
        SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
         
        ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
        ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
        ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
        ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
        ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
        ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
        ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
        ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
        ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
        ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
        ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
        ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
        ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
        ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
        ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
        ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
        ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
        ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
        ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
        ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
        ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
        ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
        ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
        ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
        ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
        ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
        ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
        ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
        ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
        ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
        ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
        ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
        ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
        ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
        ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
        ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
        ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
        ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
        ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
        ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
        ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
        ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
        ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
        ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
        ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
        ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
        ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
        ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
        ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
        ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
        ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
        ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
         
        Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
        Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
        Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
        Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
        Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
        Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
        Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
        Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
        Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
        Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
        Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
        Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
         
        ========== Files/Folders - Created Within 30 Days ==========
         
        [2010/11/18 18:54:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
        [2010/11/16 19:39:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
        [2010/11/14 07:00:00 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
        [2010/11/12 19:43:16 | 000,028,672 | ---- | C] (Doug Knox MS-MVP) -- C:\Documents and Settings\Owner\My Documents\MessengerDisable.exe
        [2010/11/01 13:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Wondershare PPT2Flash
        [2010/11/01 13:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
        [2007/09/19 16:25:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
        [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
        [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
         
        ========== Files - Modified Within 30 Days ==========
         
        [2010/11/18 18:54:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
        [2010/11/18 18:47:42 | 000,002,560 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\accounts.cfg.bak
        [2010/11/18 18:47:40 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fmnmtk.dat
        [2010/11/18 16:37:47 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
        [2010/11/18 04:40:57 | 000,000,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
        [2010/11/18 04:40:08 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-492894223-839522115-1003.job
        [2010/11/18 04:39:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
        [2010/11/16 19:05:42 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
        [2010/11/14 19:22:08 | 000,022,358 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20101114_192204.reg
        [2010/11/14 18:50:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-492894223-839522115-1003.job
        [2010/11/09 19:19:26 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Foxmail.ADC
        [2010/11/07 12:18:14 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
        [2010/11/07 12:18:14 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls
        [2010/11/07 06:46:21 | 000,488,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
        [2010/11/07 06:46:21 | 000,089,130 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
        [2010/11/06 09:23:27 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob
        [2010/11/04 20:27:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
        [2010/11/04 15:54:29 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
        [2010/10/27 18:05:41 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ascenus.rtf
        [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
        [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
         
        ========== Files Created - No Company Name ==========
         
        [2010/11/18 04:40:46 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
        [2010/11/14 19:22:06 | 000,022,358 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20101114_192204.reg
        [2010/10/27 18:05:41 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ascenus.rtf
        [2010/08/29 17:16:57 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\flvvideo.dll
        [2010/08/29 17:16:56 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
        [2010/02/14 19:05:45 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
        [2010/02/14 19:05:45 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
        [2010/02/14 19:05:44 | 007,437,824 | ---- | C] () -- C:\WINDOWS\System32\smfcore.dll
        [2009/09/08 17:13:20 | 000,000,062 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
        [2009/02/23 16:48:20 | 000,000,304 | ---- | C] () -- C:\WINDOWS\System32\RBuilder.ini
        [2008/12/25 12:17:41 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma
        [2008/12/25 12:17:41 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\7B1B3F
        [2008/10/11 16:42:01 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mainhst.zgh
        [2008/09/11 18:29:21 | 000,000,098 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
        [2008/06/24 18:48:49 | 000,000,281 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
        [2007/12/15 18:23:56 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
        [2007/09/22 12:53:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
        [2007/09/19 16:25:58 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
        [2007/09/19 16:25:46 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ezpinst.exe
        [2007/09/19 16:25:46 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
        [2007/09/19 16:25:46 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
        [2007/09/14 19:24:39 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
        [2007/09/14 17:04:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
        [2007/08/22 17:39:03 | 000,243,712 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        [2007/01/11 19:56:05 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
        [2006/12/20 14:12:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
        [2006/12/17 18:04:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
        [2006/12/17 11:44:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
        [2006/12/10 21:50:29 | 000,000,019 | ---- | C] () -- C:\WINDOWS\EP_SNAP240.ini
        [2006/12/10 21:48:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
        [2006/12/10 21:46:21 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
        [2006/12/10 21:46:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\EAL.INI
        [2006/12/10 21:39:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
        [2006/12/10 21:25:47 | 000,010,349 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
        [2006/12/10 05:20:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
        [2006/12/04 10:52:10 | 000,323,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBAV192.X86.SYS
        [2006/11/16 15:14:22 | 000,374,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBAV192.X64.SYS
         
        ========== LOP Check ==========
         
        [2010/02/07 18:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
        [2009/09/01 17:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
        [2008/07/16 19:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
        [2007/10/06 11:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
        [2006/12/10 21:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
        [2007/09/15 08:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
        [2009/02/25 19:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
        [2007/09/14 17:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
        [2009/05/10 17:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
        [2010/11/18 18:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
        [2010/09/12 18:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
        [2010/03/13 12:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
        [2010/05/20 17:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
        [2009/12/19 18:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
        [2006/12/10 16:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{70FE9869-8D38-4EB3-8541-A735C2285CF7}
        [2010/10/11 15:33:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
        [2007/01/12 17:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
        [2009/09/01 17:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
        [2010/02/20 14:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
        [2007/10/07 20:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent DNA
        [2009/04/11 08:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DisplayTune
        [2009/06/29 17:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrameSize Options
        [2010/09/20 18:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeIPODConverter
        [2009/11/27 09:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
        [2010/09/08 18:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\K-Meleon
        [2006/12/10 21:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
        [2008/06/17 18:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
        [2009/12/13 11:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\muvee Technologies
        [2008/01/27 16:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Picaboo
        [2010/02/14 14:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
        [2007/08/22 16:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
        [2010/08/22 16:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
        [2010/03/13 12:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom
        [2010/08/29 16:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
        [2010/09/12 17:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ZipGenius
        [2010/11/18 16:37:47 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
         
        ========== Purity Check ==========
         
         
         
        ========== Custom Scans ==========
         
         
        <  >
         
        < %SYSTEMDRIVE%\*.exe >
        [2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
         
        < %systemroot%\*. /mp /s >
         
        < c:\$recycle.bin\*.* /s >
         
        < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-10 23:39:24
         
         
        < MD5 for: AGP440.SYS  >
        [2008/02/17 09:05:42 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
        [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
        [2008/02/17 09:05:42 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
        [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
        [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
        [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
        [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
        [2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
         
        < MD5 for: ATAPI.SYS  >
        [2004/04/12 03:09:11 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
        [2008/02/17 09:05:42 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
        [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
        [2008/02/17 09:05:42 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
        [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
        [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
        [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
        [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
        [2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
         
        < MD5 for: AUTOCHK.EXE  >
        [2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
        [2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
        [2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\autochk.exe
        [2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
        [2004/08/04 02:56:47 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
         
        < MD5 for: BEEP.SYS  >
        [2004/04/12 02:59:16 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
        [2004/04/12 02:59:16 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
         
        < MD5 for: EVENTLOG.DLL  >
        [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
        [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
        [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
        [2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
         
        < MD5 for: EXPLORER.EXE  >
        [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
        [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
        [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
        [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

        SuperDave

        Re: poor start up. and slow
        « Reply #21 on: November 18, 2010, 06:31:14 PM »
        P2P - I see you have P2P software installed on your machine (BitTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

        Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

        I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
        *******************************************
        Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
        RegistryMechanic
        There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

        For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

        Further reading: XP Fixes Myth #1: Registry Cleaners
        ************************************************
        Let's try running ComboFix without renaming it.

        Download ComboFix by sUBs from one of the below links. 

        Important! You MUST save ComboFix to your desktop

        link # 1
        Link # 2

        Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        Double click on ComboFix.exe & follow the prompts.

        Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

        Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

        When the scan completes it will open a text window.
         
        Post the contents of that log in your next reply.

        Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

        mkkandb53

          Re: poor start up. and slow
          « Reply #22 on: November 20, 2010, 05:28:28 AM »
          dave shut off all the anti virus and real time stuff. downloaded combofix to the desktop and ran it. ran till active window came up saying searching for infected files may take 10 min or
          could be double that time. let it go all night long. in the morning was still at the same place
          and frozen. had to power off to get going again. not sure what to do now since it won't run all
          the way with the scan.

          SuperDave

          Re: poor start up. and slow
          « Reply #23 on: November 20, 2010, 11:18:40 AM »
          Ok. Let's try running it this way.

          Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

          Navigate to Start --> Run, and enter the following command exactly as shown:

          "%userprofile%\desktop\blackpudding.bat" /killall

          See if ComboFix will run now

          mkkandb53

            Re: poor start up. and slow
            « Reply #24 on: November 20, 2010, 03:15:14 PM »
            did what you stated and typed in the command just as is and still won't run correctly.
            i copied and pasted the command also and still no.

            SuperDave

            Re: poor start up. and slow
            « Reply #25 on: November 20, 2010, 04:54:16 PM »
            SysProt Antirootkit

            Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

            http://sites.google.com/site/sysprotantirootkit/

            Unzip it into a folder on your desktop.
            • Double click Sysprot.exe to start the program.
            • Click on the Log tab.
            • In the Write to log box select the following items.
              • Process << Selected
              • Kernel Modules << Selected
              • SSDT << Selected
              • Kernel Hooks << Selected
              • IRP Hooks << NOT Selected
              • Ports << NOT Selected
              • Hidden Files << Selected
            • At the bottom of the page
              • Hidden Objects Only << Selected
            • Click on the Create Log button on the bottom right.
            • After a few seconds a new window should appear.
            • Select Scan Root Drive. Click on the Start button.
            • When it is complete a new window will appear to indicate that the scan is finished.
            • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

            mkkandb53

              Re: poor start up. and slow
              « Reply #26 on: November 20, 2010, 06:06:33 PM »
              done dave here is the log.
              SysProt AntiRootkit v1.0.1.0
              by swatkat

              ******************************************************************************************
              ******************************************************************************************

              No Hidden Processes found

              ******************************************************************************************
              ******************************************************************************************
              Kernel Modules:
              Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
              Service Name: ---
              Module Base: EEBB0000
              Module End: EEBC8000
              Hidden: Yes

              Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
              Service Name: ---
              Module Base: F7C99000
              Module End: F7C9B000
              Hidden: Yes

              ******************************************************************************************
              ******************************************************************************************
              SSDT:
              Function Name: ZwClose
              Address: EEC1FCF0
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwCreateKey
              Address: EEC1FBAC
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwDeleteKey
              Address: EEC20160
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwDeleteValueKey
              Address: EEC2008A
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwDuplicateObject
              Address: EEC1F782
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwOpenKey
              Address: EEC1FC86
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwOpenProcess
              Address: EEC1F6C2
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwOpenThread
              Address: EEC1F726
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwQueryValueKey
              Address: EEC1FDA6
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwRenameKey
              Address: EEC2022E
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwRestoreKey
              Address: EEC1FD66
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwSetValueKey
              Address: EEC1FEE6
              Driver Base: EEC17000
              Driver End: EEC3E000
              Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

              Function Name: ZwTerminateProcess
              Address: EEDD1620
              Driver Base: EEDC7000
              Driver End: EEDE9000
              Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

              ******************************************************************************************
              ******************************************************************************************
              Kernel Hooks:
              Hooked Function: ZwLoadDriver
              At Address: 805A3B73
              Jump To: EEC2CB10
              Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

              Hooked Function: ZwCreateSection
              At Address: 805652B3
              Jump To: EEC2C9D6
              Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

              Hooked Function: ZwCreateProcessEx
              At Address: 8057FE4C
              Jump To: EEC2CBB2
              Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

              Hooked Function: ObMakeTemporaryObject
              At Address: 8059F8CA
              Jump To: EEC285D4
              Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

              Hooked Function: ObInsertObject
              At Address: 8056503A
              Jump To: EEC29FFA
              Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

              ******************************************************************************************
              ******************************************************************************************
              No hidden files/folders found
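
Added example (not part of the original thread and not SysProt's own code): Python that parses a log in the layout posted above, checks that every SSDT entry and kernel hook target lies inside the load range of the driver it is attributed to, and compares that driver with an analyst-supplied allowlist. The function names, the allowlist contents and the third SSDT record in the sample are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample in the SysProt layout; values reuse the posted log except the
# third SSDT record, invented to show a target outside its attributed driver.
SAMPLE_LOG = r"""
SSDT:
Function Name: ZwClose
Address: EEC1FCF0
Driver Base: EEC17000
Driver End: EEC3E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwTerminateProcess
Address: EEDD1620
Driver Base: EEDC7000
Driver End: EEDE9000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

Function Name: ZwOpenProcess
Address: F0001000
Driver Base: EEC17000
Driver End: EEC3E000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Kernel Hooks:
Hooked Function: ZwLoadDriver
At Address: 805A3B73
Jump To: EEC2CB10
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
"""

ALLOWLIST = {"aswsp.sys", "saskutil.sys"}  # assumption: installed security products
HEADERS = ("Kernel Modules:", "SSDT:", "Kernel Hooks:")

def parse_sysprot(text):
    """Split a SysProt log into {section: [{field: value}, ...]}."""
    sections, current, record = defaultdict(list), None, {}
    for line in [l.strip() for l in text.splitlines()] + [""]:
        if current and ": " in line:
            key, value = line.split(": ", 1)
            record[key] = value
            continue
        if record:  # a blank line, separator or header closes the record
            sections[current].append(record)
            record = {}
        if line in HEADERS:
            current = line[:-1]
    return dict(sections)

def driver_file(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(target_hex, driver, ranges, allowlist):
    if driver not in ranges:
        return "range-unknown"
    base, end = ranges[driver]
    if not base <= int(target_hex, 16) < end:
        return "target-outside-driver"
    return "expected" if driver in allowlist else "unknown-driver"

def review(log_text, allowlist=ALLOWLIST):
    """Return (function, driver, verdict) for every SSDT entry and kernel hook."""
    parsed = parse_sysprot(log_text)
    ssdt, hooks = parsed.get("SSDT", []), parsed.get("Kernel Hooks", [])
    # Load ranges are only printed in the SSDT section; reuse them for the hooks.
    ranges = {driver_file(r["Driver Name"]):
              (int(r["Driver Base"], 16), int(r["Driver End"], 16)) for r in ssdt}
    rows = [(r["Function Name"], r["Address"], r["Driver Name"]) for r in ssdt]
    rows += [(r["Hooked Function"], r["Jump To"], r["Module Name"]) for r in hooks]
    return [(fn, driver_file(p), classify(t, driver_file(p), ranges, allowlist))
            for fn, t, p in rows]

if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        print(*row, sep="  ")
```

A verdict of `expected` only says the target address sits inside an allowlisted driver's range as the tool reported it; it does not validate the driver file on disk.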


              SuperDave

              Re: poor start up. and slow
              « Reply #27 on: November 21, 2010, 11:10:37 AM »
              Download DeFogger by jpshortstuff and save it to your desktop.
               
              * Double click DeFogger.exe to run the tool.
              * The application window will appear.
              * Click the Disable button to disable your CD Emulation drivers
              * Click Yes to continue.
              * A 'Finished!' message will appear.
              * Click OK.
              * DeFogger will now ask to reboot the machine...click OK.
               
              IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
               
              Do not re-enable these drivers until otherwise instructed.

              To re-enable your Emulation drivers, double click DeFogger to run the tool.

              * The application window will appear.
              * Click the Re-enable button to re-enable your CD Emulation drivers.
              * Click Yes to continue.
              * A 'Finished!' message will appear.
              * Click OK
              * DeFogger will now ask to reboot the machine, click OK

              IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

              Your Emulation drivers are now re-enabled.
              ***************************************
              Download ComboFix by sUBs from one of the below links. 

              Important! You MUST save ComboFix to your desktop

              link # 1
              Link # 2

              Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

              Double click on ComboFix.exe & follow the prompts.

              Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

              Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

              When the scan completes it will open a text window.
               
              Post the contents of that log in your next reply.

              Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

              mkkandb53

                Re: poor start up. and slow
                « Reply #28 on: November 21, 2010, 04:25:18 PM »
                dave ran defogger followed all the prompts and then ran combofix. loaded and then the autoscan window came up and just hung there with this message: scanning for infected files
                this takes 10 minutes but may take longer in bad infections. then just froze at that point again. did you see anything in the logs such as malware or anything that would cause this problem?


                « Last Edit: November 22, 2010, 04:34:27 PM by SuperDave »

                mkkandb53

                  Re: poor start up. and slow
                  « Reply #29 on: November 22, 2010, 03:28:44 PM »
                  dave ran defogger followed all the prompts and then ran combofix. loaded and then the autoscan window came up and just hung there with this message: scanning for infected files
                  this takes 10 minutes but may take longer in bad infections. then just froze at that point again. did you see anything in the logs such as malware or anything that would cause this problem?