un-identified, slow to start and open new tabs in IE8


  • This topic is locked
29 replies to this topic

#1 igonuts2

  • Members
  • 358 posts

Posted 17 March 2010 - 02:51 AM

from http://www.bleepingcomputer.com/forums/t/303032/ie8-sloww-to-load/

new,
I get errors with any program to backup files. b4 using defogger of course. Also after using GMER it wouldn't let me save the log. After choosing location it would flip to a search window saying "no results". So I c/p to an existing note pad and saved the changes. Named the log GMER. I said in the other thread that I removed LimeWire. Looks like I didn't.

---------------------------
DDS (Ver_09-12-01.01) - NTFSx86
Run by Gwendo at 23:53:25.96 on Tue 03/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1725 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Users\Gwendo\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gwendo\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0709&m=aspire_5515
uWindow Title = Raven's Rook
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0709&m=aspire_5515
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0709&m=aspire_5515
mWindow Title =
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\gwendo\appdata\roaming\mozilla\firefox\profiles\z6db79i3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.paganspace.net/profile/llunaticraven
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-26 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-26 29512]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-26 308064]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-7-16 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-27 1153368]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

=============== Created Last 30 ================

2010-03-17 06:51:29 0 ----a-w- c:\users\gwendo\defogger_reenable
2010-03-17 00:29:19 23088 ----a-w- c:\windows\hpqins15.dat
2010-03-06 22:12:21 0 d-----w- c:\programdata\NOS
2010-02-28 14:16:29 38 ----a-w- c:\windows\avisplitter.ini
2010-02-28 14:16:29 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-28 14:16:28 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-28 14:16:28 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-02-28 14:16:28 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-02-28 14:16:28 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-02-28 14:16:28 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-02-28 14:16:27 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-28 14:16:25 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-28 14:16:25 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-02-28 14:16:24 0 d-----w- c:\program files\K-Lite Codec Pack
2010-02-23 20:47:56 0 d-----w- c:\program files\Yahoo!
2010-02-23 20:16:03 0 d-----w- c:\programdata\Google
2010-02-23 20:08:14 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 20:07:49 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 20:07:48 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 20:07:42 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 20:07:41 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 20:07:41 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 20:07:41 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:07:40 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 20:07:40 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 20:07:40 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 20:07:29 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 20:07:28 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-23 20:07:28 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-23 02:29:42 0 d-----w- c:\programdata\Xerox
2010-02-20 10:13:55 0 d-----w- c:\programdata\PopCap Games
2010-02-20 09:53:48 0 d-----w- c:\users\gwendo\Office Genuine Advantage
2010-02-20 09:53:48 0 d-----w- c:\programdata\Office Genuine Advantage
2010-02-16 11:14:03 0 d-----w- c:\programdata\PopCap
2010-02-15 10:12:22 0 d-----w- c:\users\gwendo\appdata\roaming\PySolFC
2010-02-15 10:11:32 0 d-----w- c:\program files\PySol Fan Club edition

==================== Find3M ====================

2010-03-17 00:04:33 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-17 00:04:33 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-17 00:04:32 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-13 23:59:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 23:58:58 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-24 23:33:24 982 ----a-w- c:\users\gwendo\appdata\roaming\wklnhst.dat
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-16 21:51:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-18 01:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-26 11:19:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:55:03.91 ===============

Edited by igonuts2, 17 March 2010 - 04:11 AM.

Why work when you can play!

#2 myrti

  • Malware Study Hall Admin
  • 33,784 posts

Posted 20 March 2010 - 11:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 igonuts2

  • Topic Starter
  • Members
  • 358 posts

Posted 20 March 2010 - 05:05 PM

First off,
Ty myrti, for your assistance. Already subscribed to the topic. Looks like we will be playing tag as I’m not up in the AM.

This was my mother's pc. I fear my nephew had his way with it before I got it. I'm finding various services re- p2p. I would like you to treat and advise me on them the way you would advise me on actions for mal/spy/virus and so on. I don't wish that you do more work than is needed for disinfection. You're busy bees here. Just pre-assume I don't want them and add any disable/removal instructions right alongside any other instructions you advise. Ty.

Per request.

History;
IE7, When I opened a new tab within a link on a page, blank tabs, or same link tabs keep opening up (not mixed, either blanks or repeated correct pages). Have to kill IE. I'm assuming that's my mouse.

No noticeable issues until I updated to IE8 from Windows site. First time, I went to open IE and got a message window re- HP add-on will cause IE to start slowly. So I updated that via HP site. There was an update for that issue.

Second attempt at starting IE8 took a good minute and didn't develop. After two minutes it would develop.

Adobe and HP add-ons were taking 11 seconds to start. So I tried w/o all add-ons. No change.

Same delay if I open IE properties. Inside or outside IE.

Once everything develops, I can go from page to page really quick. But if I open a new tab, it takes forever again.

This is true with or w/o all services not Microsoft turned off. IE has been reset.

----------------

Netstat -ab sample results during IE request;

TCP [::]:445 Gwendo-PC:0 LISTENING

Can not obtain ownership information

x: Windows Sockets initialization failed: 5
TCP [::]:554 Gwendo-PC:0 LISTENING
[wmpnetwk.exe]
TCP [::]:2869 Gwendo-PC:0 LISTENING

Can not obtain ownership information

x: Windows Sockets initialization failed: 5
TCP [::]:5357 Gwendo-PC:0 LISTENING

---------------------
Firefox doesn’t seem affected.

I ran MBAM, SAS, Spybot, AVG, and Bit online. Didn’t find anything. I did run Rootrepeal, but it didn’t like Vista and froze, I assumed. (EDIT 3-20, I dl'd Sophos Antirootkit, it ran. No changes were made, and it didn't find anything either). I run CCleaner at start up.

Spybot, HJT, and MBAM now display intermittent runtime errors, and sometimes won’t run. Spywareblaster won't load at all.

All my backup programs display errors or freeze (w/o defogger).

In the other thread I told them I had removed LimeWire and another P2P program. Looks like I didn’t remove LimeWire. Already posted here, so I left it.
---------

EDIT: UPDATE 21:41 March 20

The pc/laptop is now very slow. Everything I do, even just type, lags and shows that blue circle next to the cursor.

----------------------

OTL log;

OTL logfile created on: 3/20/2010 2:48:23 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Gwendo\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 34.29 Gb Free Space | 49.33% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 67.36 Gb Free Space | 96.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GWENDO-PC
Current User Name: Gwendo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/20 14:36:02 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Gwendo\Desktop\OTL.exe
PRC - [2010/03/13 16:59:41 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/13 16:59:38 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/13 16:59:37 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 16:58:58 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/13 16:58:56 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 16:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/07/16 19:03:25 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Gwendo\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/28 10:56:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/07/22 20:05:18 | 000,846,344 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/02 20:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/25 22:36:20 | 000,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/25 22:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/20 19:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005/08/18 04:32:52 | 000,077,824 | ---- | M] (Microsoft® Corporation) -- c:\Program Files\Microsoft Works\WkDStore.exe
PRC - [2005/08/18 04:13:48 | 000,122,880 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WksWP.exe
PRC - [2005/08/18 04:08:59 | 000,069,632 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\wkgdcach.exe


========== Modules (SafeList) ==========

MOD - [2010/03/20 14:36:02 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Gwendo\Desktop\OTL.exe
MOD - [2010/03/13 16:59:38 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/09/24 19:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/04/10 23:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/04/10 23:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/13 16:59:37 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/28 10:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/04/25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/25 22:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/03/13 16:59:38 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/13 16:58:58 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/20 10:53:32 | 000,234,016 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/11/22 16:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008/10/01 10:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/08/06 19:40:40 | 000,129,552 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008/07/03 23:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/03 02:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/28 06:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/02/21 20:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/30 02:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 02:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/23 04:18:28 | 001,187,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/01/20 19:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 19:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/11/02 06:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-905093851-2381628477-366256562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5515
IE - HKU\S-1-5-21-905093851-2381628477-366256562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-905093851-2381628477-366256562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-905093851-2381628477-366256562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-905093851-2381628477-366256562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-905093851-2381628477-366256562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.paganspace.net/profile/llunaticraven"
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/16 17:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/02 07:08:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/06 15:12:26 | 000,000,000 | ---D | M]

[2009/12/27 19:53:46 | 000,000,000 | ---D | M] -- C:\Users\Gwendo\AppData\Roaming\Mozilla\Extensions
[2009/12/14 22:37:46 | 000,000,000 | ---D | M] -- C:\Users\Gwendo\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/16 22:34:47 | 000,000,000 | ---D | M] -- C:\Users\Gwendo\AppData\Roaming\Mozilla\Firefox\Profiles\z6db79i3.default\extensions
[2009/12/27 19:55:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gwendo\AppData\Roaming\Mozilla\Firefox\Profiles\z6db79i3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/11 16:45:27 | 000,000,000 | ---D | M] -- C:\Users\Gwendo\AppData\Roaming\Mozilla\Firefox\Profiles\z6db79i3.default\extensions\plugin@yontoo.com
[2010/03/16 22:34:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/18 16:20:54 | 000,380,731 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-domains-registrations.com
O1 - Hosts: 127.0.0.1 www.1-domains-registrations.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 13116 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gwendo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gwendo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/02/28 05:00:00 | 000,000,110 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/20 14:35:51 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Gwendo\Desktop\OTL.exe
[2010/03/18 14:13:54 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/03/17 12:47:05 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/17 12:47:05 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/17 12:47:04 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/17 12:47:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/17 12:47:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/17 12:47:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/17 12:47:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/17 12:47:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/17 12:47:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/17 12:47:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/17 12:47:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/17 12:47:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/17 12:47:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/17 12:47:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/17 12:46:36 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/03/17 00:02:51 | 000,000,000 | ---D | C] -- C:\Users\Gwendo\Desktop\gmer
[2010/03/16 17:04:51 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/03/16 17:04:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/16 17:04:51 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/16 17:04:50 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/16 17:04:50 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/16 17:04:50 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/03/16 17:04:50 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/03/16 17:04:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/03/16 17:04:49 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/16 17:04:49 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/03/16 17:04:49 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/03/16 17:04:49 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/03/16 17:04:48 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/16 17:04:48 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/03/16 17:04:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/16 17:04:48 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/03/16 17:04:47 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/16 17:04:47 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/16 17:04:47 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/16 17:04:46 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/03/16 17:04:45 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/03/16 17:04:45 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/16 17:04:45 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/03/16 17:04:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/03/16 17:04:45 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/03/16 17:04:45 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/03/16 17:04:45 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/03/06 15:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/03/02 21:18:10 | 000,000,000 | ---D | C] -- C:\Users\Gwendo\Documents\Bank, mom Questions
[2010/02/28 07:16:28 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2010/02/28 07:16:28 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010/02/28 07:16:28 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2010/02/23 13:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/02/23 13:08:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 13:07:49 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 13:07:48 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 13:07:42 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 13:07:41 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 13:07:41 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 13:07:41 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 13:07:40 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 13:07:40 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 13:07:40 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/23 13:07:29 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/23 13:07:28 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/23 13:07:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/22 19:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2010/02/20 03:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/02/20 02:53:48 | 000,000,000 | ---D | C] -- C:\Users\Gwendo\Office Genuine Advantage
[2010/02/20 02:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2008/12/04 04:08:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/03/20 14:50:00 | 006,815,744 | -HS- | M] () -- C:\Users\Gwendo\NTUSER.DAT
[2010/03/20 14:36:02 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Gwendo\Desktop\OTL.exe
[2010/03/20 14:11:23 | 000,019,887 | ---- | M] () -- C:\Users\Gwendo\Desktop\Yahoo! Mail.url
[2010/03/20 14:07:56 | 057,417,231 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/20 14:06:45 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/20 14:06:45 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/20 14:06:45 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/20 14:02:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/20 14:02:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/20 14:02:08 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/03/20 14:01:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/20 14:01:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/20 14:01:28 | 2948,599,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/20 06:30:32 | 000,524,288 | -HS- | M] () -- C:\Users\Gwendo\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/03/20 06:30:32 | 000,065,536 | -HS- | M] () -- C:\Users\Gwendo\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/03/20 06:30:30 | 002,945,132 | -H-- | M] () -- C:\Users\Gwendo\AppData\Local\IconCache.db
[2010/03/19 13:45:18 | 000,000,315 | ---- | M] () -- C:\Users\Gwendo\Desktop\Google.url
[2010/03/19 13:43:19 | 000,000,211 | ---- | M] () -- C:\Users\Gwendo\Desktop\un-identified, slow to start and open new tabs in IE8.url
[2010/03/19 01:20:17 | 000,001,332 | ---- | M] () -- C:\Users\Gwendo\Desktop\becu questions.lnk
[2010/03/18 16:20:54 | 000,380,731 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/18 02:43:00 | 000,000,000 | ---- | M] () -- C:\Users\Gwendo\defogger_reenable
[2010/03/17 20:24:35 | 000,001,746 | ---- | M] () -- C:\Users\Gwendo\Desktop\Mozilla Firefox.lnk
[2010/03/17 14:32:40 | 000,380,731 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100318-161756.backup
[2010/03/17 00:01:58 | 000,284,915 | ---- | M] () -- C:\Users\Gwendo\Desktop\gmer.zip
[2010/03/16 23:51:00 | 000,050,477 | ---- | M] () -- C:\Users\Gwendo\Desktop\Defogger.exe
[2010/03/16 18:31:51 | 000,001,795 | ---- | M] () -- C:\Users\Gwendo\Desktop\Microsoft Works Task Launcher.lnk
[2010/03/16 17:30:32 | 000,023,088 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/03/16 02:13:15 | 000,000,233 | ---- | M] () -- C:\Users\Gwendo\Desktop\BECU.url
[2010/03/15 11:22:30 | 000,000,286 | ---- | M] () -- C:\Users\Gwendo\Desktop\Netflix Queue.url
[2010/03/13 16:59:38 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/13 16:59:38 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/13 16:58:58 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/12 00:42:13 | 000,000,219 | ---- | M] () -- C:\Users\Gwendo\Desktop\Wikipedia.url
[2010/03/10 22:29:54 | 000,000,011 | ---- | M] () -- C:\Windows\PLANNER.INI
[2010/03/10 22:27:48 | 000,178,176 | ---- | M] () -- C:\Users\Gwendo\Documents\dayna_menhir calendar.mdb
[2010/03/09 01:02:08 | 000,001,355 | ---- | M] () -- C:\Users\Gwendo\Desktop\navy cu questions.lnk
[2010/02/28 13:00:05 | 000,008,192 | ---- | M] () -- C:\Users\Gwendo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 00:11:14 | 000,001,163 | ---- | M] () -- C:\Users\Gwendo\Desktop\Facebook Home.url
[2010/02/25 22:34:33 | 000,000,145 | ---- | M] () -- C:\Users\Gwendo\Desktop\CD Drive.lnk
[2010/02/24 16:33:24 | 000,000,982 | ---- | M] () -- C:\Users\Gwendo\AppData\Roaming\wklnhst.dat
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/24 04:06:28 | 000,001,637 | ---- | M] () -- C:\Users\Gwendo\Desktop\Paint.lnk
[2010/02/23 15:34:25 | 000,072,680 | ---- | M] () -- C:\Users\Gwendo\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/23 15:31:22 | 000,304,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/23 15:07:05 | 000,000,173 | ---- | M] () -- C:\Users\Gwendo\Desktop\Navy Federal Credit Union, Serving U.S. Department of Defense..url
[2010/02/21 23:03:13 | 000,000,914 | ---- | M] () -- C:\Users\Gwendo\Desktop\pay pal.lnk
[2010/02/21 14:51:23 | 000,064,000 | ---- | M] () -- C:\Users\Gwendo\Documents\collectables inventory.wdb
[2010/02/21 07:46:06 | 000,001,614 | ---- | M] () -- C:\Users\Gwendo\Desktop\Calculator.lnk

========== Files Created - No Company Name ==========

[2010/03/18 02:43:00 | 000,000,000 | ---- | C] () -- C:\Users\Gwendo\defogger_reenable
[2010/03/18 00:26:50 | 000,000,211 | ---- | C] () -- C:\Users\Gwendo\Desktop\un-identified, slow to start and open new tabs in IE8.url
[2010/03/17 20:24:35 | 000,001,746 | ---- | C] () -- C:\Users\Gwendo\Desktop\Mozilla Firefox.lnk
[2010/03/17 12:47:04 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/03/17 00:01:52 | 000,284,915 | ---- | C] () -- C:\Users\Gwendo\Desktop\gmer.zip
[2010/03/16 23:50:59 | 000,050,477 | ---- | C] () -- C:\Users\Gwendo\Desktop\Defogger.exe
[2010/03/16 18:31:51 | 000,001,795 | ---- | C] () -- C:\Users\Gwendo\Desktop\Microsoft Works Task Launcher.lnk
[2010/03/16 17:29:19 | 000,023,088 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/02 21:19:54 | 000,001,355 | ---- | C] () -- C:\Users\Gwendo\Desktop\navy cu questions.lnk
[2010/03/01 03:07:00 | 000,019,887 | ---- | C] () -- C:\Users\Gwendo\Desktop\Yahoo! Mail.url
[2010/02/28 07:16:29 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/02/28 07:16:29 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/02/28 07:16:28 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/02/28 07:16:28 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2010/02/28 07:16:27 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/02/28 07:16:25 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/02/28 07:16:25 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/02/25 22:34:33 | 000,000,145 | ---- | C] () -- C:\Users\Gwendo\Desktop\CD Drive.lnk
[2010/02/25 15:09:34 | 000,001,332 | ---- | C] () -- C:\Users\Gwendo\Desktop\becu questions.lnk
[2010/02/24 04:06:28 | 000,001,637 | ---- | C] () -- C:\Users\Gwendo\Desktop\Paint.lnk
[2010/02/21 23:03:13 | 000,000,914 | ---- | C] () -- C:\Users\Gwendo\Desktop\pay pal.lnk
[2010/02/21 14:51:23 | 000,064,000 | ---- | C] () -- C:\Users\Gwendo\Documents\collectables inventory.wdb
[2010/02/21 07:46:06 | 000,001,614 | ---- | C] () -- C:\Users\Gwendo\Desktop\Calculator.lnk
[2010/02/20 01:37:37 | 000,000,173 | ---- | C] () -- C:\Users\Gwendo\Desktop\Navy Federal Credit Union, Serving U.S. Department of Defense..url
[2010/02/19 18:50:16 | 000,000,219 | ---- | C] () -- C:\Users\Gwendo\Desktop\Wikipedia.url
[2010/02/10 13:28:43 | 000,000,680 | ---- | C] () -- C:\Users\Gwendo\AppData\Local\d3d9caps.dat
[2009/12/29 19:22:25 | 000,000,982 | ---- | C] () -- C:\Users\Gwendo\AppData\Roaming\wklnhst.dat
[2009/12/27 20:10:08 | 000,008,192 | ---- | C] () -- C:\Users\Gwendo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/16 21:19:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/17 19:26:16 | 000,004,179 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/07/16 20:32:20 | 000,000,011 | ---- | C] () -- C:\Windows\PLANNER.INI
[2009/07/16 19:05:11 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/12/04 06:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/12/04 06:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/12/04 05:31:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/12/04 04:05:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/12/04 04:05:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/07/03 20:37:48 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:73933431
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:F880DE59
< End of report >

---------

Extras log;

OTL Extras logfile created on: 3/20/2010 2:48:23 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Gwendo\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 34.29 Gb Free Space | 49.33% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 67.36 Gb Free Space | 96.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GWENDO-PC
Current User Name: Gwendo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA00C56-3F19-4EC7-99B1-D717D704BD6D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1E183F6D-EB5B-4AC1-97BC-73E3525BAFAC}" = rport=139 | protocol=6 | dir=out | app=system |
"{3F202316-1C2F-4895-94F9-020939037C4B}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A029FB6-FABD-438D-9908-02F7A6FC0F97}" = lport=137 | protocol=17 | dir=in | app=system |
"{4D41BE43-39BE-42FB-B193-4223A1992925}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{76C581AC-B0E6-4378-B5E6-3C051CEA2D18}" = lport=445 | protocol=6 | dir=in | app=system |
"{79CFA5CA-57F3-4C34-95FA-85F7AD6C58D5}" = rport=445 | protocol=6 | dir=out | app=system |
"{B10C4486-4DC5-4747-9A6C-57E8B40DF854}" = lport=139 | protocol=6 | dir=in | app=system |
"{BE51A32B-DD60-40C0-AFA5-AB654DC396EF}" = lport=138 | protocol=17 | dir=in | app=system |
"{DCEAD586-1B8F-483F-B987-BEF0D4815C63}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB4B628-C862-4D3C-A9D1-D2D6B2379346}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0D523933-E4E3-408E-B2F0-3E81CF803F6E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DDE240D-FD2A-4050-AB17-AF76C247A3BE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{0FD10BE7-B26D-4498-9DA1-F80CFA54F42A}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{14F6A4DE-E93E-4409-ACF9-61ACA5F0BFA0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{17A830F1-45A0-45E6-B061-CD0874B707C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{259F1611-C159-42C3-AFAF-5539853B7035}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{39664A6A-FF11-4174-990A-7163FA6B41AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4F2C0C9F-A74A-4733-B39A-9B88FEE754E3}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{4F4EB8A3-144B-440A-9F52-9C6DFAFB4B00}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{5533EFBD-587E-4F6D-8CB1-9F6108E273C2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{5A6A4999-D213-474E-9218-2C40DB4A4009}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5F5E6067-EC42-4CF3-8A31-2D153A4B80E5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{652EBD17-16EB-440A-8C0F-0F05E8FC97BB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{8298F4D6-23AD-424B-B721-0BFDD38A99F2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8C3DF88F-508B-4A7C-B84D-72F4BF1CCFF8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{92C2B94A-B976-4CDF-9310-4FAEC6549BC9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{93986BAE-5214-46DC-B318-141D2814B512}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9F032CD7-793F-4E03-B5BC-8934CA8CED6C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{AD216AA2-DEAC-4813-9551-420543314020}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{CB71BD1D-8C17-4245-8CE7-BEACC9AAC3CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{CFE4FE28-3EC5-4FA2-A6E5-C916CD1B584C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{D4204B77-7C27-4D92-A648-008637DF0366}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{D64DAAC3-3615-46D7-9676-E10679B9500C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DE2A3DC4-494C-45FE-96A3-F071584EB146}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E4E8B147-460A-4A1C-9ABF-55611F56D341}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EF61AF50-5F84-4660-A8A4-C30007EA6090}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{F6D35B91-743B-499E-BC6B-7D7F3DCC2D6B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{071EA6A1-4189-3D9C-6B3F-0BE15495CE80}" = Catalyst Control Center Core Implementation
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08137BF5-9879-EBDA-6462-79D3C6D113B2}" = Catalyst Control Center Localization Portuguese
"{09621381-D4B0-2D6A-AB14-E8CE4CD424D9}" = Catalyst Control Center Graphics Previews Vista
"{09D3675D-E1BB-1B3D-3F35-0338F7AAB0FD}" = Catalyst Control Center Localization Czech
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1DE63D16-8A5E-74AB-1A5F-6E1834234229}" = CCC Help Chinese Standard
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{254C0471-5FDF-D591-1219-112ABECED882}" = CCC Help German
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 18
"{285432CE-2033-7317-27FC-DFB027E24F33}" = Catalyst Control Center Localization French
"{29E1DB75-A926-D7A5-6773-E24477526D49}" = CCC Help Chinese Traditional
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2B82EEF1-A86E-CE6A-E7E6-ED114131E383}" = Catalyst Control Center Graphics Full New
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2F3FC1A5-37B4-7685-7295-37FD1B3FE806}" = CCC Help Danish
"{32EBA2B9-23F8-82A8-E229-0F283EE902B0}" = CCC Help Portuguese
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3A2536D9-53FF-CD79-F46C-9E3902D2EEBA}" = CCC Help English
"{3A6CE5E6-7416-37A1-1DA2-2BCB0A9CF444}" = Catalyst Control Center Localization Japanese
"{3A7D9B34-E8A9-A352-20C1-0607B1D5F8B6}" = Catalyst Control Center Localization Chinese Traditional
"{3F9544A3-63B0-E523-D212-5C010368E492}" = Catalyst Control Center Localization Spanish
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41802C9A-1BF6-9A4E-D903-C6587560D758}" = Catalyst Control Center Localization Chinese Standard
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{58D9BD9C-C96F-F308-5D72-371A9D3CC939}" = CCC Help Dutch
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{6165BE73-8AC5-A2B6-8910-963387FE5B9B}" = Catalyst Control Center Localization Russian
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67A8747E-0517-75EF-244F-9E219C440107}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A25BA91-82D1-0841-FC65-57CE27540922}" = Catalyst Control Center Localization Danish
"{6A41CE62-8379-2A4D-E690-AA5D4DA8A279}" = ccc-core-static
"{6BB99DE2-D79C-B223-8D4F-E3D80A478D0F}" = CCC Help Polish
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E52D2FB-5FB5-334E-86F9-4316EEDC2926}" = ccc-utility
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72BBB36F-D323-0746-4F92-083E4C5EAC52}" = CCC Help Czech
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DDF474C-2AF9-4A3B-57E0-FBF31ED2C913}" = Catalyst Control Center Localization Polish
"{7E992D2F-5D9F-0A2A-302E-E4AC8FB79F47}" = Catalyst Control Center Graphics Full Existing
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84DB8DAE-531B-FDA4-E683-8C82F0F81F26}" = Catalyst Control Center Localization Turkish
"{865A7423-1322-E68E-4604-BEB0EEBFB624}" = Catalyst Control Center Localization Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9B35344F-7FA4-B6BA-E64B-930A5BDB9585}" = Catalyst Control Center InstallProxy
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9FFC6670-6711-387B-3566-7D0DA1808531}" = CCC Help Swedish
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A8176277-4272-EA16-CDAE-1E37C62E14B2}" = CCC Help Italian
"{A9E38025-D8D8-FB5E-0DDB-12691243EF1F}" = CCC Help Norwegian
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFE52E73-FADF-7AEC-9F2E-9C490C77AB61}" = Catalyst Control Center Localization German
"{B16469A5-D2FA-A0C8-D371-2F4C8D5707D4}" = CCC Help Finnish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B463846D-85B8-5B31-59BD-AA68307ECC69}" = CCC Help Spanish
"{B483D67F-8223-F1C5-1CBD-59B13676019E}" = CCC Help Greek
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B7BA5747-159E-B1E7-B73D-E3B7575D783A}" = CCC Help Thai
"{BC4FBC02-B2B7-ACCA-C983-FFF31FC3C1C9}" = CCC Help Japanese
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C08B098D-E9A6-649F-120D-9263C0527C2E}" = Catalyst Control Center Localization Swedish
"{C22EDAB3-B9C3-3189-6FE5-8DC4CFADED81}" = CCC Help Hungarian
"{C4FA4F86-63E8-9CD5-8CD3-25E4AC0E8861}" = Catalyst Control Center Localization Finnish
"{C63225DD-4956-D968-E563-30371AA23FD8}" = Skins
"{C7D5F833-4603-B3A3-4DB7-178022D73CC6}" = Catalyst Control Center Localization Dutch
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CC4AD2ED-C8C8-6548-BAB0-59058B3FA658}" = Catalyst Control Center Localization Greek
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D04DA284-0680-277B-832E-B795D9302F8D}" = CCC Help Turkish
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D5B90069-DC5F-E482-D86A-B0CBBBD0E50E}" = CCC Help Russian
"{DF7A3C71-08FD-9154-BF1C-81BC491F4C2C}" = CCC Help French
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA78289C-35D1-10D4-CA0D-7C653B2E212A}" = Catalyst Control Center Localization Hungarian
"{EAE06CC6-8838-CA77-347C-BD3E9DEC6C93}" = Catalyst Control Center Localization Italian
"{EB18E9CE-A633-1192-BDF6-4EA15DA97785}" = Catalyst Control Center Graphics Light
"{ECA47E2A-51B0-2F2F-67D3-A2A0639092B1}" = Catalyst Control Center Localization Korean
"{ED5085E1-BA8E-1464-2E3D-400086526EDE}" = Catalyst Control Center Localization Thai
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FFA58E6D-8053-18D7-C9BB-C76312C1E12C}" = CCC Help Korean
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)
"LimeWire" = LimeWire 5.3.6
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"PySol Fan Club edition_is1" = PySol Fan Club edition v.2.0
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2010 4:06:04 PM | Computer Name = Gwendo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/12/2010 4:06:04 PM | Computer Name = Gwendo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/12/2010 4:06:04 PM | Computer Name = Gwendo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/12/2010 4:06:04 PM | Computer Name = Gwendo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/12/2010 4:06:04 PM | Computer Name = Gwendo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/12/2010 4:06:36 PM | Computer Name = Gwendo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/12/2010 4:06:47 PM | Computer Name = Gwendo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/12/2010 4:06:48 PM | Computer Name = Gwendo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/12/2010 4:06:50 PM | Computer Name = Gwendo-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/12/2010 4:07:13 PM | Computer Name = Gwendo-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 10/21/2009 2:20:43 AM | Computer Name = Gwendo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/21/2009 2:20:43 AM | Computer Name = Gwendo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/21/2009 2:20:43 AM | Computer Name = Gwendo-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/21/2009 2:20:43 AM | Computer Name = Gwendo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/21/2009 2:20:43 AM | Computer Name = Gwendo-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/21/2009 2:20:43 AM | Computer Name = Gwendo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/21/2009 2:20:43 AM | Computer Name = Gwendo-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/25/2009 7:28:42 PM | Computer Name = Gwendo-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/25/2009 7:30:23 PM | Computer Name = Gwendo-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/25/2009 7:33:17 PM | Computer Name = Gwendo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

Edited by igonuts2, 20 March 2010 - 11:49 PM.

Why work when you can play!

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home
  • Local time:08:47 PM

Posted 21 March 2010 - 02:12 PM

Hi,

Limewire still seems to be installed. Please try running Fix IE and let me know if the program fixes your problem with Internet Explorer: Fix IE

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 igonuts2

Posted 21 March 2010 - 03:38 PM

"In the other thread I told them I had removed LimeWire and another P2P program. Looks like I didn’t remove LimeWire. Already posted here, so I left it."

It's removed now.

did the fix. still get the winsock and ownership issues appearing in netstat during IE request. IE does seem to open and develop faster. c/p still is very slow. but last night it seemed like whatever the issue is, went away or briefly let go of the pc, just to return later.

#6 myrti

Posted 21 March 2010 - 05:01 PM

Hi,

let's rebuild the winsock then:
  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
    netsh winsock reset
  • a log file will open. Please save that log and post the content in your next reply.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


How long have you been using ZoneAlarm and AVG? Could they be causing part of the problems?

regards myrti


#7 igonuts2

Posted 21 March 2010 - 05:23 PM

still have ownership issues and failure to initialize winsock via netstat. seems to be fast again. no log file was produced.

nope. i didn't follow your instructions. i'll try again.


fyi,
i dl'd mbam again. windows said the short cut path was invalid. went to file location and got a run time error. safe mode as well. did get spybot to run in safe mode. no issues.

Edited by igonuts2, 21 March 2010 - 05:29 PM.

#8 igonuts2

Posted 21 March 2010 - 05:38 PM

no log. would windows stash it somewhere?

netstat still show issues with ownership and winsock.

fyi, "recently changed" in explorer now refers to a nonexistent file location. not as a result of what we did. i noticed this last night.

the day after we got this laptop i removed mcafee and installed AVG and ZA. they have been running error free for maybe a year. i disabled all services not ms via msconfig with no effect.

no issues till i updated to IE8. and that was dl'd from windows update site itself.

i have cmd on start menu......

Edited by igonuts2, 21 March 2010 - 05:58 PM.

#9 myrti

Posted 21 March 2010 - 06:55 PM

Hi,

very sorry, there wasn't supposed to be a log. I modified the command after typing this out.

Could you try to remove AVG and let me know if that gets your PC up and running again. I see you have Firefox installed, is it quicker on the internet?


Please also try to run netstat from an elevated command prompt and let me know if that solves the permission problem.
Go to start, then all programs followed by Accessories, right-click Command Prompt, and then click Run as administrator to get an elevated command prompt.

regards myrti

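An added example for the elevated netstat check suggested in the post above (not part of the thread, and not code from any poster): it parses saved `netstat -bno` output and lists the sockets that netstat could not attribute to an executable, treating PIDs 0 and 4 (System Idle Process and System) as expected. It assumes the "ownership" message igonuts2 reports is netstat's "Can not obtain ownership information" line; the sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -bno` output; addresses and PIDs are made up.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    192.0.2.10:49201       198.51.100.7:80        ESTABLISHED     3120
 [iexplore.exe]
  TCP    192.0.2.10:49202       198.51.100.7:80        TIME_WAIT       0
  TCP    192.0.2.10:49210       198.51.100.9:443       ESTABLISHED     2764
 Can not obtain ownership information
  UDP    0.0.0.0:500            *:*                                    1012
  IKEEXT
 [svchost.exe]
"""

CONN = re.compile(r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
                  r"(?:(?P<state>[A-Z][A-Z_0-9]*)\s+)?(?P<pid>\d+)\s*$")  # UDP: no state
NO_OWNER = "Can not obtain ownership information"
KERNEL_PIDS = {0, 4}  # System Idle Process and System

def parse_netstat(text):
    """Return one dict per socket with the owner lines that follow it."""
    rows = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            rows.append({**m.groupdict(), "pid": int(m["pid"]),
                         "component": None, "owner": None, "unresolved": False})
            continue
        note = line.strip()
        if not rows or not note or rows[-1]["owner"] or rows[-1]["unresolved"]:
            continue  # header, blank line, or socket already attributed
        if note == NO_OWNER:
            rows[-1]["unresolved"] = True
        elif note.startswith("[") and note.endswith("]"):
            rows[-1]["owner"] = note[1:-1]
        else:
            rows[-1]["component"] = note  # service name printed above [exe]
    return rows

def needs_follow_up(rows):
    """Unattributed sockets that belong to an ordinary (non-kernel) PID."""
    return [r for r in rows if r["unresolved"] and r["pid"] not in KERNEL_PIDS]

if __name__ == "__main__":
    print(needs_follow_up(parse_netstat(SAMPLE)))
```

Any PID it reports can then be matched against the process list (for example with `tasklist`) to see which program owns the connection.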


#10 igonuts2

Posted 21 March 2010 - 07:33 PM

FF doesn't seem to be affected. it's lightning fast.

i will remove AVG and do the winsock thing from an elevated command prompt. in that order. and post back.

fyi.
i dl'd sas and mbam again. after the install the short cuts left on the desk top have an invalid path. neither will run, even when opened from file location, unless in safe mode. also, the main exe files will not run. i get splash screens, then nothing. i have to run them from the scanner exe file. no user interface. nothing found.

Edited by igonuts2, 21 March 2010 - 07:36 PM.

#11 igonuts2

Posted 21 March 2010 - 07:56 PM

still issues w/ ownership and winsock via netstat during IE request. no log.

fyi, at this point IE is just as fast as FF, but i have no idea how long that will last. kinda that way this morning.

AVG reinstalled.
-------
Edit; monday am.

i haven't had any security programs ever show anything for removal. all logs have been clean. since day one. they didn't even hit on the p2p programs installed. spybot, mbam, sas, avg, bit online, sophos antiroot kit, and hjt, all clean.

originally posted in the vista forum, when i found the ownership/winsock stuff. when i mentioned the p2p programs they thought it best i went here.
then promptly moved OP to networking forum.

very slow typing in this field. new tabs vary from normal to long delays in developing. new IE windows are fast, 2day.
ownership/winsock issues, and all these runtime errors, security programs only, causing me to use the scanning exe files in safe mode. some short cuts are invalid, in explorer windows and on the desktop. none of my backup utility programs work (prior to defogger).

viewed restore points. none are older than the 16th of this month. thats when i went to IE8. (box was ticked to show points older than 5 days).

sure hope this is no infection. if it is, i am truly screwed, as i have no idea how it happened.

Edited by igonuts2, 22 March 2010 - 03:33 PM.

#12 myrti

Posted 22 March 2010 - 04:07 PM

Hi,

it doesn't really look like an infection either to be honest. If it is, it has been seriously damaged, probably by the anti virus program or similar.

Have you tried running Internet Explorer 8 in safemode with networking? Does it work there?

If all else fails I would think uninstalling IE8 and reinstalling it would be an option. As well as uninstalling IE8 and reinstalling IE7 should be.

regards myrti


#13 igonuts2

Posted 22 March 2010 - 04:36 PM

checked the event logs this am and found a bad block event. verifying that via disc util. there were two other entries that were odd to me. right now i'm on another pc, so when the check is done on the pc in question, i will post the results of the chkdisc and the odd events.

pending that, maybe you formally say we're done here, or not, and i'll go back to the networking forum.

Edited by igonuts2, 22 March 2010 - 04:37 PM.

#14 igonuts2

Posted 22 March 2010 - 05:00 PM

chkdisc was good. no errors. odd.

these are the events

event viewer.

The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume ACER.

lots of these,
Event Xml:The entry <C:\USERS\GWENDO\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\HV64QN5V\ZZZZZZZZZ.ZZ> in the hash map cannot be updated.

The device, \Device\Harddisk0\DR0, has a bad block.
-----------
all checked good.

i have no idea what that temp file is. cant find it either.
i have hidden files accessible, but when i get to TEMPORARY INTERNET FILES it's not there.

i try the r/r of ie

so you call it. done here?

Edited by igonuts2, 22 March 2010 - 05:19 PM.

#15 myrti

myrti

Posted 22 March 2010 - 05:05 PM

Hi,

do you still have the gmer log? I thought I had checked it, but I can no longer find it in your thread.

Could you please provide the log you had or run a fresh scan:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti
