
Slowness PC problem...

rich1987

FPCH Member
Joined
Mar 30, 2010
Messages
5
Location
Glasgow
PC Experience
Some Experience
Operating System
Windows Vista - Ultimate
#1
Hi,

I got a 2nd hand pc a few days ago and it was fine in the shop and I took it home,

about two days later after I had downloaded a few basic programs MSN Utorrent, etc.

it started going slow, by that I mean program wise,

like once it started up it takes two to three minutes for anything basic to come up
ie: my documents or web browser and I have no idea what's causing it?

I ain't a computer wiz or anything so can't think what to do

I am guessing it could be some kind of virus but ain't too sure,

What do you guys think?
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,396
Location
Midlands, UK
PC Experience
Very Experienced
#2
Hi Rich, and welcome.

"about two days later after I had downloaded a few basic programs MSN Utorrent, etc."
Why would you need UTorrent? Have you any idea how dangerous this program can be to your system?
As it's a secondhand pc, let's take a look and see what's on there shall we?

  • Download OTL to your desktop.
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.

  • Now copy the lines below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT


  • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


If I see evidence of malware in the reports, I'll move this thread to the appropriate forum.

Thanks
 

rich1987

FPCH Member
Joined
Mar 30, 2010
Messages
5
Location
Glasgow
PC Experience
Some Experience
Operating System
Windows Vista - Ultimate
#3
hi

Doesn't seem to let me paste the txt

says too long, make shorter to 20000 words or something?
 

rich1987

FPCH Member
Joined
Mar 30, 2010
Messages
5
Location
Glasgow
PC Experience
Some Experience
Operating System
Windows Vista - Ultimate
#4
extra txt

OTL Extras logfile created on: 30/03/2010 20:33:09 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Guest\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

191.00 Mb Total Physical Memory | 64.00 Mb Available Physical Memory | 34.00% Memory free
650.00 Mb Paging File | 300.00 Mb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.93 Gb Total Space | 60.21 Gb Free Space | 84.89% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICH
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2747662423-114160788-445754315-501\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxbycoms.exe" = C:\WINDOWS\system32\lxbycoms.exe:*:Disabled:p910 Series Server -- File not found
"C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare -- File not found
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{136B81D0-BAC1-4AEA-AB43-EE6A584F8A8D}" = National Geographic Print Studio
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{480D674F-7285-41AE-93C0-1BB62B151AD3}" = PCEye2000
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{92BD4B1D-984F-41CD-B261-687DF808FA6F}" = Football Manager 2005
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99747F0D-D4F8-4877-9CA0-4AE96D963633}" = CA eTrust Antivirus
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX Setup
"ie8" = Windows Internet Explorer 8
"InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"S3" = UniChromeII Graphics Driver and Utilities
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SLAMRNTV" = Smart Link 56K Voice Modem
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2747662423-114160788-445754315-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >
 

rich1987

FPCH Member
Joined
Mar 30, 2010
Messages
5
Location
Glasgow
PC Experience
Some Experience
Operating System
Windows Vista - Ultimate
#5
OTL logfile created on: 30/03/2010 20:33:09 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Guest\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

191.00 Mb Total Physical Memory | 64.00 Mb Available Physical Memory | 34.00% Memory free
650.00 Mb Paging File | 300.00 Mb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.93 Gb Total Space | 60.21 Gb Free Space | 84.89% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICH
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Guest\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Guest\My Documents\Downloads\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Bing:


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.iqon.ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.iqon.ie
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2747662423-114160788-445754315-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
IE - HKU\S-1-5-21-2747662423-114160788-445754315-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No CLSID value found.
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\Google Chrome [2010/03/29 14:41:29 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2747662423-114160788-445754315-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/15 02:04:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk - C:\PROGRA~1\BTHOME~1\Help\bin\matcli.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe - (VIA)
MsConfig - StartUpReg: BearShare - hkey= - key= - C:\Program Files\BearShare\BearShare.exe File not found
MsConfig - StartUpReg: EzPrint - hkey= - key= - C:\Program Files\Lexmark P910 Series\ezprint.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: Lexmark X1100 Series - hkey= - key= - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe File not found
MsConfig - StartUpReg: lxbymon.exe - hkey= - key= - C:\Program Files\Lexmark P910 Series\lxbymon.exe File not found
MsConfig - StartUpReg: Motive SmartBridge - hkey= - key= - C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Realtime Monitor - hkey= - key= - C:\Program Files\CA\Etrust Antivirus\Realmon.exe (Computer Associates International, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========

[2010/03/30 19:28:37 | 000,000,000 | ---D | C] -- C:\0b1997a8e16208282d4b495b
[2010/03/30 15:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/30 15:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/30 15:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/03/30 03:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/03/30 03:27:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/03/30 03:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/03/30 03:26:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/03/30 01:36:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/03/30 01:10:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/03/30 01:10:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/03/29 23:38:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/03/29 23:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/03/29 18:33:33 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/03/29 18:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/03/29 18:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/03/29 18:21:45 | 000,000,000 | ---D | C] -- C:\e209c168da8cfc01748389
[2010/03/29 17:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\DivX
[2010/03/29 17:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\uTorrent
[2010/03/29 10:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\My Documents\Downloads
[2010/03/28 23:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\My Documents\My Received Files
[2010/03/28 23:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Tracing
[2010/03/28 21:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Start Menu\Programs\Startup\Google Chrome
[2010/03/28 21:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Temp
[2010/03/28 21:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Google
[2010/03/28 16:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Macromedia
[2010/03/28 15:38:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Guest\PrivacIE
[2010/03/28 15:37:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Guest\IETldCache
[2010/03/28 15:36:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Guest\Application Data\Microsoft
[2010/03/28 15:36:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guest\SendTo
[2010/03/28 15:36:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guest\Recent
[2010/03/28 15:36:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guest\Application Data
[2010/03/28 15:36:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\Start Menu
[2010/03/28 15:36:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\My Documents\My Videos
[2010/03/28 15:36:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\My Documents\My Pictures
[2010/03/28 15:36:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\My Documents\My Music
[2010/03/28 15:36:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\My Documents
[2010/03/28 15:36:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\Favorites
[2010/03/28 15:36:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Guest\Cookies
[2010/03/28 15:36:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Guest\Templates
[2010/03/28 15:36:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Guest\PrintHood
[2010/03/28 15:36:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Guest\NetHood
[2010/03/28 15:36:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Guest\Local Settings
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\WINDOWS
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Identities
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Help
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Help
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Desktop
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\My Documents\CyberLink
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\CyberLink
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\ApplicationHistory
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Apple Computer
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Apple Computer
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Desktop\AMD 64 UK
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Adobe
[2010/03/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Adobe
[2010/03/28 15:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/28 15:10:26 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/28 15:10:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/28 15:10:24 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/28 15:10:17 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/28 15:08:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/03/28 15:05:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/28 15:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/03/28 14:33:41 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2010/03/27 22:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2010/03/27 20:51:47 | 002,083,312 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/03/27 20:51:47 | 000,678,384 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/03/27 20:51:47 | 000,559,600 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/03/27 20:51:47 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/03/27 20:51:47 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/03/27 20:51:47 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/03/27 20:51:47 | 000,125,424 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/03/27 20:51:47 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010/03/27 20:51:47 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/03/27 20:51:47 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/03/27 20:51:47 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/03/27 20:51:47 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/03/27 20:51:47 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/03/27 20:51:47 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/03/27 20:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/03/27 20:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/03/27 20:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All
 

rich1987

FPCH Member
Joined
Mar 30, 2010
Messages
5
Location
Glasgow
PC Experience
Some Experience
Operating System
Windows Vista - Ultimate
#6
Users\Application Data\DivX
[2010/03/24 23:47:10 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/03/24 20:32:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/03/24 18:51:10 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/24 18:51:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/24 18:51:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/24 18:51:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/24 18:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/24 18:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/24 18:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/03/24 18:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/03/24 17:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/03/24 17:47:43 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/03/22 17:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2010/03/22 17:13:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/22 17:13:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/22 17:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/08 18:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/02 19:16:04 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2009/08/19 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/08/19 18:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/03/25 11:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2008/11/04 23:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/02/18 01:06:41 | 000,653,960 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2005/02/18 01:06:41 | 000,100,176 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2005/02/18 01:06:41 | 000,013,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2005/02/18 01:06:40 | 001,396,048 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2005/02/18 01:06:40 | 000,229,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2005/02/18 01:06:40 | 000,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/30 20:38:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC6C4632-6A5F-47D2-B7E0-E20B9FB4F327}.job
[2010/03/30 20:37:02 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-1010UA.job
[2010/03/30 20:00:06 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/30 19:48:02 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-1007UA.job
[2010/03/30 19:46:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/30 19:46:28 | 200,855,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/30 19:46:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/30 19:42:01 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-501UA.job
[2010/03/30 19:04:59 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 18:05:51 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
[2010/03/30 17:29:16 | 000,013,688 | ---- | M] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/30 15:58:01 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/30 15:37:17 | 000,472,622 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/30 15:37:17 | 000,401,992 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/30 15:37:17 | 000,063,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/30 15:30:15 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/03/30 15:28:26 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/30 01:30:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/03/29 23:33:54 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/03/29 21:37:08 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-1010Core.job
[2010/03/29 18:25:32 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/29 18:06:23 | 000,000,488 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/29 16:48:00 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-1007Core.job
[2010/03/29 10:25:35 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk
[2010/03/28 23:17:58 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\Windows Media Player.lnk
[2010/03/28 21:42:26 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-501Core.job
[2010/03/27 19:53:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2010/03/26 20:00:46 | 000,000,048 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/24 19:06:58 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup WeekDay Scanner.job
[2010/03/24 18:50:41 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/24 18:50:41 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/24 18:50:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/24 18:50:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/24 18:50:41 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/08 18:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/02 19:16:04 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/30 17:27:46 | 200,855,552 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/29 23:33:54 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/03/29 18:34:16 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/29 18:25:31 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/29 17:48:29 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/29 10:25:35 | 000,002,295 | ---- | C] () -- C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk
[2010/03/28 21:47:11 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC6C4632-6A5F-47D2-B7E0-E20B9FB4F327}.job
[2010/03/28 21:37:37 | 000,000,976 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-501UA.job
[2010/03/28 21:37:26 | 000,000,924 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-501Core.job
[2010/03/28 15:37:00 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Guest\Desktop\Windows Media Player.lnk
[2010/03/28 15:36:59 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Guest\NTUSER.DAT
[2010/03/28 15:36:59 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Guest\ntuser.ini
[2010/03/28 15:36:59 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat
[2010/03/28 14:33:41 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\slcpappl.cpl
[2010/03/28 14:33:41 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2010/03/28 14:33:41 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe
[2010/03/28 14:33:41 | 000,351,183 | ---- | C] () -- C:\WINDOWS\System32\slmh.cab
[2010/03/28 14:33:41 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2010/03/28 14:33:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe
[2010/03/28 14:33:41 | 000,151,740 | ---- | C] () -- C:\WINDOWS\System32\slcpappl.chm
[2010/03/28 14:33:41 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2010/03/28 14:33:41 | 000,077,824 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2010/03/26 20:00:46 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/24 22:32:28 | 000,000,972 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-1010UA.job
[2010/03/24 22:32:25 | 000,000,920 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-1010Core.job
[2010/03/24 19:06:59 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2010/03/24 19:06:58 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\Norton PC Checkup WeekDay Scanner.job
[2010/03/24 17:43:41 | 000,001,004 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-1007UA.job
[2010/03/24 17:43:39 | 000,000,952 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2747662423-114160788-445754315-1007Core.job
[2008/04/18 12:41:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/08/13 14:36:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/08/13 14:34:03 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini
[2007/07/09 11:53:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/07/06 09:47:44 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/04/07 14:34:44 | 000,000,115 | ---- | C] () -- C:\WINDOWS\PINOCHLE.INI
[2006/02/14 21:16:16 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/01/25 23:32:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/05 01:12:19 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\WSBar.dll
[2005/02/18 01:26:23 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/02/18 01:06:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/18 01:06:41 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2005/02/18 01:06:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2005/02/18 01:06:40 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2005/02/17 17:54:17 | 000,000,509 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/02/15 10:44:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/15 00:49:30 | 000,004,190 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2010/03/22 17:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2010/03/28 14:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2007/08/13 15:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2005/04/28 00:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2005/04/28 00:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2010/03/30 19:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\uTorrent
[2010/03/22 17:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2010/03/30 20:00:06 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/03/30 20:38:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC6C4632-6A5F-47D2-B7E0-E20B9FB4F327}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/03/30 01:10:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/03/30 01:10:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/03/30 01:10:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/30 01:10:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/03/30 01:10:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/03/30 01:10:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp2qfe\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIASRAID.SYS >
[2003/06/12 18:31:46 | 000,075,904 | R--- | M] (VIA Technologies inc,.ltd) MD5=1493F351E5A4B915FB5BBB735C14004B -- C:\WINDOWS\system32\drivers\viasraid.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< End of report >
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,396
Location
Midlands, UK
PC Experience
Very Experienced
#7
Hi rich

Computer Name: RICH
Current User Name: Guest
NOT logged in as Administrator.
You must run these scans from an Admin account.
Please re-run the OTL instructions from an Admin account.

If you have problems posting the report... add the report as an attachment.

Thanks