Page 1 of 3 123 LastLast
Results 1 to 10 of 30

Thread: PC Loading slowly...

  1. #1
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Unhappy PC Loading slowly...

    Hi Guys:
    Back again. Started doing some online gaming and You Tube posting on my PC. I'm getting this 'Lag' when either the games or the videos load. Do I need a new PC?
    Heres my logs:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
    Run by Dad at 10:26:05 on 2013-08-23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.702.195 [GMT -5:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Internet Security 2012 *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?hl=en
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
    BHO: {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - <orphaned>
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
    BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
    BHO: hpWebHelper Class: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [Google Update] "c:\documents and settings\dad.your-4dacd0ea75\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Driver Genius] <no file>
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjgwMTEyNTY3LVQxMy1VODUrMS1CQSsxLVhMKzEtRlA5KzYtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0yKzEtRERUKzAtRkwxMCsxLVRVRysz"&"prod=90"&"ver=10.0.1390
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E6EF5071-7647-4E85-9785-87B6CF5CB561} - {C92041C1-6D22-4069-BA0E-66246AA752B0}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: trymedia.com
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{19BBB996-5117-464D-A89F-CD2424DA7BD0} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6E053139-5D2F-4791-9D3C-EB9FABA46996} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.5.0\ViProtocol.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\dad.your-4dacd0ea75\application data\mozilla\firefox\profiles\37fti8ke.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\dad.your-4dacd0ea75\application data\mozilla\firefox\profiles\37fti8ke.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\documents and settings\dad.your-4dacd0ea75\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\dad.your-4dacd0ea75\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\dad.your-4dacd0ea75\application data\mozilla\plugins\npo1d.dll
    FF - plugin: c:\documents and settings\dad.your-4dacd0ea75\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10171.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.5.0\npsitesafety.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 164832]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-4 37664]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2013-5-4 101888]
    R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite xii.sp2a\RpcAgentSrv.exe [2008-4-12 98488]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-3-28 370360]
    R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-15 1643184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubveo532.sys --> c:\windows\system32\drivers\ubVeo532.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-08-21 16:47:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-21 16:47:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-08-15 13:21:42 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-07-26 02:47:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
    2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-04 02:59:11 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 02:08:30 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-06-23 19:25:43 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-23 19:25:41 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-23 19:25:40 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-06-23 19:25:40 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-04 07:23:02 562688 ------w- c:\windows\system32\qedit.dll
    2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
    2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
    .
    ============= FINISH: 10:27:45.31 ===============
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-23 10:37:31
    -----------------------------
    10:37:31.713 OS Version: Windows 5.1.2600 Service Pack 3
    10:37:31.713 Number of processors: 1 586 0x4F02
    10:37:31.729 ComputerName: YOUR-4DACD0EA75 UserName: Dad
    10:37:33.323 Initialize success
    10:41:59.282 AVAST engine defs: 13082300
    10:51:32.335 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
    10:51:32.335 Disk 0 Vendor: ST316081 3.AH Size: 152627MB BusType: 3
    10:51:32.632 Disk 0 MBR read successfully
    10:51:32.632 Disk 0 MBR scan
    10:51:33.773 Disk 0 unknown MBR code
    10:51:33.789 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143839 MB offset 63
    10:51:34.836 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8777 MB offset 294599970
    10:51:35.257 Disk 0 scanning sectors +312576705
    10:51:35.773 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:52:15.325 Service scanning
    10:52:51.063 Modules scanning
    10:53:10.831 Disk 0 trace - called modules:
    10:53:10.847 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
    10:53:11.206 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83451ab8]
    10:53:11.206 3 CLASSPNP.SYS[f7cd5fd7] -> nt!IofCallDriver -> \Device\00000077[0x834b4920]
    10:53:11.206 5 ACPI.sys[f7b4c620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x834b3a38]
    10:53:13.144 AVAST engine scan C:\WINDOWS
    10:53:38.631 AVAST engine scan C:\WINDOWS\system32
    11:02:18.735 AVAST engine scan C:\WINDOWS\system32\drivers
    11:02:44.113 AVAST engine scan C:\Documents and Settings\Dad.YOUR-4DACD0EA75
    11:11:44.130 AVAST engine scan C:\Documents and Settings\All Users
    11:21:39.649 Scan finished successfully
    11:30:20.189 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\MBR.dat"
    11:30:20.189 The log file has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\aswMBR.txt"
    Attached Files Attached Files

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi speedinc,

    My name is OCD. I apologize for the delay, if you still require help please continue:

    I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    Important: All tools MUST be run from the Desktop.

    =========================

    Using AdwCleaner v3: Scan & Clean:
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    OTL
    • Download OTL to your desktop.
    • Make sure all other windows are closed and to let it run uninterrupted.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.

    =========================

    In your next post please provide the following:
    • AdwCleaner.txt
    • OTL.txt
    • Do not post Extras.txt
    • How is the computer running?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi speedinc,

    Just checking to see if you still need assistance?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  4. #4
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Default PC loading Slowly...

    Hello OCD
    Sorry, I didnt see the response til today! I would greatly appreciate it if you could look at my box. Maybe its time for a new one. Give me a moment to respond to your commands....

  5. #5
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Unhappy Re: PC Loading slowly...

    Heres The AdwCleaner Log:

    # AdwCleaner v3.005 - Report created 23/09/2013 at 01:57:57
    # Updated 22/09/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Dad - YOUR-4DACD0EA75
    # Running from : C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
    Folder Deleted : C:\Program Files\driver-soft
    Folder Deleted : C:\Program Files\SendSpace
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\OpenCandy
    Folder Deleted : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\ConduitCommon
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
    File Deleted : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AVG Security Toolbar
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
    Product Deleted : Ask Toolbar

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\prefs.js ]

    Line Deleted : user_pref("CT3196716..clientLogIsEnabled", true);
    Line Deleted : user_pref("CT3196716..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    Line Deleted : user_pref("CT3196716..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    Line Deleted : user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Line Deleted : user_pref("CT3196716.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_129774122767598898", true);
    Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_1359634299000", true);
    Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_1366704382000", true);
    Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_1367225922000", true);
    Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_8478564928926792879", true);
    Line Deleted : user_pref("CT3196716.CT3196716", "CT3196716");
    Line Deleted : user_pref("CT3196716.CurrentServerDate", "19-5-2013");
    Line Deleted : user_pref("CT3196716.DSInstall", false);
    Line Deleted : user_pref("CT3196716.DialogsAlignMode", "LTR");
    Line Deleted : user_pref("CT3196716.DialogsGetterLastCheckTime", "Sat May 18 2013 17:15:49 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.DownloadReferralCookieData", "");
    Line Deleted : user_pref("CT3196716.EMailNotifierPollDate", "Tue Dec 11 2012 22:10:00 GMT-0600 (Central Standard Time)");
    Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129755756828511878", "Tue Dec 11 2012 22:10:00 GMT-0600 (Central Standard Time)");
    Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129757581393447276", "Tue Dec 11 2012 22:10:00 GMT-0600 (Central Standard Time)");
    Line Deleted : user_pref("CT3196716.FirstServerDate", "4-5-2012");
    Line Deleted : user_pref("CT3196716.FirstTime", true);
    Line Deleted : user_pref("CT3196716.FirstTimeFF3", true);
    Line Deleted : user_pref("CT3196716.FirstTimeHiddenVer", true);
    Line Deleted : user_pref("CT3196716.FixPageNotFoundErrors", false);
    Line Deleted : user_pref("CT3196716.GroupingServerCheckInterval", 1440);
    Line Deleted : user_pref("CT3196716.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Line Deleted : user_pref("CT3196716.HPInstall", false);
    Line Deleted : user_pref("CT3196716.HasUserGlobalKeys", true);
    Line Deleted : user_pref("CT3196716.HomePageProtectorEnabled", false);
    Line Deleted : user_pref("CT3196716.HomepageBeforeUnload", "hxxp://www.google.com/ig");
    Line Deleted : user_pref("CT3196716.Initialize", true);
    Line Deleted : user_pref("CT3196716.InitializeCommonPrefs", true);
    Line Deleted : user_pref("CT3196716.InstallationAndCookieDataSentCount", 3);
    Line Deleted : user_pref("CT3196716.InstallationType", "Unknown");
    Line Deleted : user_pref("CT3196716.InstalledDate", "Thu May 03 2012 22:33:21 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.InvalidateCache", false);
    Line Deleted : user_pref("CT3196716.IsAlertDBUpdated", true);
    Line Deleted : user_pref("CT3196716.IsGrouping", false);
    Line Deleted : user_pref("CT3196716.IsInitSetupIni", true);
    Line Deleted : user_pref("CT3196716.IsMulticommunity", false);
    Line Deleted : user_pref("CT3196716.IsOpenThankYouPage", true);
    Line Deleted : user_pref("CT3196716.IsOpenUninstallPage", true);
    Line Deleted : user_pref("CT3196716.IsProtectorsInit", true);
    Line Deleted : user_pref("CT3196716.LanguagePackLastCheckTime", "Sat May 18 2013 17:15:49 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.LanguagePackReloadIntervalMM", 1440);
    Line Deleted : user_pref("CT3196716.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    Line Deleted : user_pref("CT3196716.LastLogin_3.12.2.3", "Tue May 29 2012 21:25:07 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.LastLogin_3.13.0.6", "Sun Jul 15 2012 10:54:16 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.LastLogin_3.14.1.0", "Tue Aug 21 2012 20:46:45 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.LastLogin_3.15.1.0", "Wed Nov 07 2012 21:30:03 GMT-0600 (Central Standard Time)");
    Line Deleted : user_pref("CT3196716.LastLogin_3.16.0.100", "Mon Feb 11 2013 08:55:21 GMT-0600 (Central Standard Time)");
    Line Deleted : user_pref("CT3196716.LastLogin_3.16.0.3", "Sun Dec 30 2012 19:35:08 GMT-0600 (Central Standard Time)");
    Line Deleted : user_pref("CT3196716.LastLogin_3.18.0.7", "Sat May 18 2013 17:15:49 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.LatestVersion", "3.18.0.7");
    Line Deleted : user_pref("CT3196716.Locale", "en");
    Line Deleted : user_pref("CT3196716.MCDetectTooltipHeight", "83");
    Line Deleted : user_pref("CT3196716.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Line Deleted : user_pref("CT3196716.MCDetectTooltipWidth", "295");
    Line Deleted : user_pref("CT3196716.MyStuffEnabledAtInstallation", true);
    Line Deleted : user_pref("CT3196716.OriginalFirstVersion", "3.12.2.3");
    Line Deleted : user_pref("CT3196716.RadioIsPodcast", false);
    Line Deleted : user_pref("CT3196716.RadioLastCheckTime", "Tue Dec 11 2012 22:10:01 GMT-0600 (Central Standard Time)");
    Line Deleted : user_pref("CT3196716.RadioLastUpdateIPServer", "3");
    Line Deleted : user_pref("CT3196716.RadioLastUpdateServer", "3");
    Line Deleted : user_pref("CT3196716.RadioMediaID", "9962");
    Line Deleted : user_pref("CT3196716.RadioMediaType", "Media Player");
    Line Deleted : user_pref("CT3196716.RadioMenuSelectedID", "EBRadioMenu_CT31967169962");
    Line Deleted : user_pref("CT3196716.RadioShrinkedFromSetup", false);
    Line Deleted : user_pref("CT3196716.RadioStationName", "California%20Rock");
    Line Deleted : user_pref("CT3196716.RadioStationURL", "hxxp://feedlive.net/california.asx");
    Line Deleted : user_pref("CT3196716.SHRINK_TOOLBAR", 1);
    Line Deleted : user_pref("CT3196716.SearchCaption", "WiseConvert Customized Web Search");
    Line Deleted : user_pref("CT3196716.SearchEngineBeforeUnload", "Google");
    Line Deleted : user_pref("CT3196716.SearchFromAddressBarIsInit", true);
    Line Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=");
    Line Deleted : user_pref("CT3196716.SearchInNewTabEnabled", true);
    Line Deleted : user_pref("CT3196716.SearchInNewTabIntervalMM", 1440);
    Line Deleted : user_pref("CT3196716.SearchInNewTabLastCheckTime", "Sat May 18 2013 17:15:46 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
    Line Deleted : user_pref("CT3196716.SearchInNewTabUserEnabled", false);
    Line Deleted : user_pref("CT3196716.SearchProtectorEnabled", false);
    Line Deleted : user_pref("CT3196716.SearchProtectorToolbarDisabled", false);
    Line Deleted : user_pref("CT3196716.SendProtectorDataViaLogin", true);
    Line Deleted : user_pref("CT3196716.ServiceMapLastCheckTime", "Sat May 18 2013 17:15:49 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.SettingsLastCheckTime", "Sat May 18 2013 17:15:45 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.SettingsLastUpdate", "1368864727");
    Line Deleted : user_pref("CT3196716.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13");
    Line Deleted : user_pref("CT3196716.ThirdPartyComponentsInterval", 504);
    Line Deleted : user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Thu May 03 2012 22:33:16 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1331805997");
    Line Deleted : user_pref("CT3196716.ToolbarShrinkedFromSetup", false);
    Line Deleted : user_pref("CT3196716.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3196716");
    Line Deleted : user_pref("CT3196716.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
    Line Deleted : user_pref("CT3196716.UserID", "UN62248300989923426");
    Line Deleted : user_pref("CT3196716.ValidationData_Search", 1);
    Line Deleted : user_pref("CT3196716.ValidationData_Toolbar", 2);
    Line Deleted : user_pref("CT3196716.WeatherNetwork", "");
    Line Deleted : user_pref("CT3196716.WeatherPollDate", "Tue Dec 11 2012 22:10:01 GMT-0600 (Central Standard Time)");
    Line Deleted : user_pref("CT3196716.WeatherUnit", "F");
    Line Deleted : user_pref("CT3196716.alertChannelId", "1613210");
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474953462D584D503D263F2D2E3135443B464E4F5B565E695B426D6265523B544243464959505B637D737B6E55217578654E675[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B66705[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e.:2z527", "2423");
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e06cg5el8:", "6E6D6C6D716C70727778");
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737273777276787D7E242F4B49474F42357D5D5C3D");
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513F445559424C5A315C5154412A4333323037483F4A5E68565B5970606E6C666164734C776C6F5C455E4E4D4B51635A6579247[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927767[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A474D4D5E55607971246E7778257[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C786A517C7174614A6355544F566[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C32293423524C5457474A4E50565D4A61515F5D575255643D685D604D364F3D3E3E3D544B5645486A736D696F527D7275624B645253535[...]
    Line Deleted : user_pref("CT3196716.backendstorage./9b-0?3g>d", "696B6D3E3D3E6C417A747248742048487E4F2551244F532A24265828575A292F295F2931");
    Line Deleted : user_pref("CT3196716.backendstorage./9b-0?3g@6:5;", "");
    Line Deleted : user_pref("CT3196716.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
    Line Deleted : user_pref("CT3196716.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
    Line Deleted : user_pref("CT3196716.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
    Line Deleted : user_pref("CT3196716.backendstorage./9b5ba==9cjag", "6A3F3B3F6A7071437A6F75487477774849777B5050");
    Line Deleted : user_pref("CT3196716.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6C6D716C70727772777A73");
    Line Deleted : user_pref("CT3196716.backendstorage./9b9643g3/9e", "6A");
    Line Deleted : user_pref("CT3196716.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
    Line Deleted : user_pref("CT3196716.backendstorage./9b<:222h64<", "393F352F3E");
    Line Deleted : user_pref("CT3196716.backendstorage./9b<:222h64<l8daj", "6D7070707673737976762A7A77727C7E752122");
    Line Deleted : user_pref("CT3196716.backendstorage./9b=+03eh8h8j?:", "4443");
    Line Deleted : user_pref("CT3196716.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
    Line Deleted : user_pref("CT3196716.backendstorage./9b?b0d:8aj62<h", "6D");
    Line Deleted : user_pref("CT3196716.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
    Line Deleted : user_pref("CT3196716.backendstorage.cbcountry_000", "5553");
    Line Deleted : user_pref("CT3196716.backendstorage.cbcountry_001", "5553");
    Line Deleted : user_pref("CT3196716.backendstorage.cbfirsttime", "546875204D617920303320323031322032323A33333A323820474D542D30353030202843656E7472616C204461796C696768742054696D6529");
    Line Deleted : user_pref("CT3196716.backendstorage.cbopenmamsettings", "30");
    Line Deleted : user_pref("CT3196716.backendstorage.event_data", "253542253544");
    Line Deleted : user_pref("CT3196716.backendstorage.fired_events", "");
    Line Deleted : user_pref("CT3196716.backendstorage.key_date", "3131");
    Line Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.exipres", "547565204D617920303820323031322032323A33333A323720474D542D30353030202843656E7472616C204461796C696768742054696D6529");
    Line Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
    Line Deleted : user_pref("CT3196716.backendstorage.url_history0001", "687474703A2F2F617070732E636F6E647569742E636F6D2F3F536561726368536F757263654F726967696E3D323926637469643D435433313936373136266F637469643D435433313[...]
    Line Deleted : user_pref("CT3196716.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
    Line Deleted : user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Thu May 03 2012 22:33:20 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.homepageProtectorEnableByLogin", true);
    Line Deleted : user_pref("CT3196716.initDone", true);
    Line Deleted : user_pref("CT3196716.isAppTrackingManagerOn", true);
    Line Deleted : user_pref("CT3196716.isFirstRadioInstallation", false);
    Line Deleted : user_pref("CT3196716.myStuffEnabled", true);
    Line Deleted : user_pref("CT3196716.myStuffPublihserMinWidth", 400);
    Line Deleted : user_pref("CT3196716.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    Line Deleted : user_pref("CT3196716.myStuffServiceIntervalMM", 1440);
    Line Deleted : user_pref("CT3196716.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    Line Deleted : user_pref("CT3196716.navigateToUrlOnSearch", false);
    Line Deleted : user_pref("CT3196716.revertSettingsEnabled", false);
    Line Deleted : user_pref("CT3196716.searchProtectorDialogDelayInSec", 10);
    Line Deleted : user_pref("CT3196716.searchProtectorEnableByLogin", true);
    Line Deleted : user_pref("CT3196716.testingCtid", "");
    Line Deleted : user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Sat May 18 2013 17:15:49 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Thu May 03 2012 22:33:21 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CT3196716.usagesFlag", 2);
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3196716/CT3196716", "\"22235ed05140226d597dbe76454d0a9c3\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1613210/1606743/US", "\"0\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3196716", "\"1367226736\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:1563\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:144a\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:155b\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:15ff\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:15a3\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:1694\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3196716", "\"6341c50648fd59897cde84cfa3927631\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"c4977f141495a426449c43bce7e2dab7\"");
    Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"b382247af9bfb94111de7928f312ff02\"");
    Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Dad.YOUR-4DACD0EA75\\Application Data\\Mozilla\\Firefox\\Profiles\\37fti8ke.default\\conduitCommon\\modules\\3.16.0.3"[...]
    Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
    Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://tools.wiseconvert.com/video_converter.php", "600x598");
    Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.youconvertit.com", "910x618");
    Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
    Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3196716");
    Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3196716");
    Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3196716");
    Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri May 04 2012 01:08:33 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CommunityToolbar.globalUserId", "131629bb-cf34-4379-9550-3b93fcc1ad96");
    Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Dec 11 2012 22:10:02 GMT-0600 (Central Standard Time)");
    Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
    Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
    Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu May 03 2012 22:33:34 GMT-0500 (Central Daylight Time)");
    Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Dec 11 2012 22:10:02 GMT-0600 (Central Standard Time)");
    Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Line Deleted : user_pref("CommunityToolbar.notifications.userId", "1289c324-9d3c-4aae-84b2-2e9d40ccf9e0");
    Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/ig");
    Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");

    -\\ Google Chrome v

    [ File : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [34696 octets] - [23/09/2013 01:55:19]
    AdwCleaner[S0].txt - [35099 octets] - [23/09/2013 01:57:57]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [35160 octets] ##########

  6. #6
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Default RE: PC Loading slowly...

    Here's the OTL Log:

    OTL logfile created on: 9/23/2013 2:10:48 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    702.48 Mb Total Physical Memory | 152.39 Mb Available Physical Memory | 21.69% Memory free
    1.30 Gb Paging File | 0.69 Gb Available in Paging File | 52.70% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 140.47 Gb Total Space | 70.98 Gb Free Space | 50.53% Space Free | Partition Type: NTFS
    Drive E: | 8.56 Gb Total Space | 0.58 Gb Free Space | 6.77% Space Free | Partition Type: FAT32

    Computer Name: YOUR-4DACD0EA75 | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe (AVAYA Communication)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe (SiSoftware)
    PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    PRC - C:\WINDOWS\arservice.exe (Microsoft)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()


    ========== Services (SafeList) ==========

    SRV - (vToolbarUpdater15.5.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (Freemake Improver) -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (iClarityQoSService) -- C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe (AVAYA Communication)
    SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe (SiSoftware)
    SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (ftsata2) -- system32\DRIVERS\ftsata2.sys File not found
    DRV - (DCamUSBVeo532) -- System32\Drivers\ubVeo532.sys File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\DAD~1.YOU\LOCALS~1\Temp\catchme.sys File not found
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
    DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
    DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\WNt500x86\sandra.sys (SiSoftware)
    DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
    DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
    DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech, Inc.)
    DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 BF 68 E7 C9 C6 CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{47130832-F17F-4B95-A626-D153584228DC}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111126&iesrc={referrer:source}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.order.1: "Google"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
    FF - prefs.js..extensions.enabledAddons: fmconverter%40gmail.com:1.0.0
    FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1024
    FF - prefs.js..extensions.enabledAddons: zigboom.designs%40gmail.com:2.0.8
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/31 17:40:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/05/04 22:48:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/17 23:02:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/17 23:02:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/09/28 22:51:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

    [2009/07/30 20:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
    [2013/09/16 14:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions
    [2013/07/16 23:09:14 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
    [2013/08/15 00:26:06 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\btpersonas@brandthunder.com
    [2013/02/04 23:41:04 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\info@djzig.com
    [2013/06/21 22:08:24 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\LogMeInClient@logmein.com
    [2013/02/05 10:16:39 | 000,000,000 | ---D | M] (BlackFox V2-Blue) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\zigboom.designs@gmail.com
    [2011/11/26 02:07:22 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\searchplugins\bing-zugo.xml
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/09/17 23:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/09/17 23:03:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/05/04 22:48:02 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
    [2011/11/12 17:23:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
    [2013/05/21 19:11:20 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
    CHR - Extension: No name found = C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\

    O1 HOSTS File: ([2011/07/18 23:38:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Driver Genius] File not found
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/tes...enXInstall.cab (TTestGenXInstallObject)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players...stallAsst2.cab (Pearson Installation Assistant 2)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19BBB996-5117-464D-A89F-CD2424DA7BD0}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E053139-5D2F-4791-9D3C-EB9FABA46996}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/30 23:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2012/02/10 23:42:56 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
    O34 - HKLM BootExecute: ('autocheck autochk *')
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/23 01:54:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/23 01:39:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Recent
    [2013/09/17 23:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/09/15 17:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
    [2013/09/15 17:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    [2013/09/15 17:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\AppData
    [2013/09/15 17:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2013/09/15 17:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\IObit
    [2013/09/15 17:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2013/09/13 08:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    [2013/08/31 00:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Shop'NCook Pro
    [2013/08/31 00:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Shop'NCook Pro
    [2013/08/25 11:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/09/23 02:20:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/23 02:17:01 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job
    [2013/09/23 02:01:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/23 02:01:36 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
    [2013/09/23 02:01:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
    [2013/09/23 02:01:36 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
    [2013/09/23 02:01:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN.job
    [2013/09/23 02:01:35 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
    [2013/09/23 02:01:35 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
    [2013/09/23 02:00:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/09/23 02:00:26 | 736,677,888 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/23 01:38:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/09/23 01:21:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2250449246-3165194149-3948157566-1016Core1ce7ec755383511.job
    [2013/09/22 20:40:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2013/09/21 14:00:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2013/09/21 10:33:07 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2013/09/21 10:10:13 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2013/09/21 08:45:47 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
    [2013/09/21 01:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
    [2013/09/19 23:38:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/09/19 23:38:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/09/18 17:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/09/17 10:00:20 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
    [2013/09/16 23:10:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
    [2013/09/15 17:21:56 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2013/09/14 04:24:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\prvlcl.dat
    [2013/09/11 03:37:48 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
    [2013/09/08 07:01:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
    [2013/09/06 00:55:18 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerResumeInstall_Dad.job
    [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2013/09/03 11:41:48 | 016,436,183 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\DJ Migs - Sunday Night (Mushroom Jazz 2).flv
    [2013/08/30 11:23:58 | 076,249,771 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Golf Joke_ The Cast Away.mp4
    [2013/08/30 08:44:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/08/26 18:30:29 | 000,003,725 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
    [5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/15 17:21:57 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2013/09/15 17:21:56 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2013/09/03 11:39:40 | 016,436,183 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\DJ Migs - Sunday Night (Mushroom Jazz 2).flv
    [2013/08/30 11:23:26 | 076,249,771 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Golf Joke_ The Cast Away.mp4
    [2013/05/24 23:29:36 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
    [2013/04/15 10:29:49 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2013/03/02 18:00:05 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.DLMSave_back.xml
    [2013/03/02 18:00:05 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.DLMSave.xml
    [2013/03/02 13:12:44 | 000,001,247 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.Setting.ini
    [2012/08/13 10:35:51 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\dt.dat
    [2012/05/14 01:21:49 | 002,015,577 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2250449246-3165194149-3948157566-1016-0.dat
    [2012/05/14 01:21:37 | 000,338,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/02/16 00:48:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/01 23:52:04 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/02/01 23:52:04 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/02/01 23:52:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/02/01 23:47:11 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2012/02/01 23:37:28 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
    [2012/02/01 23:03:13 | 000,010,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
    [2011/12/06 01:29:46 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\.backup.dm
    [2011/09/05 10:04:16 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\webct_upload_applet.properties
    [2011/07/02 15:37:57 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588r
    [2011/07/02 15:37:56 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588
    [2011/07/02 15:37:32 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16375588
    [2010/11/04 16:31:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\prvlcl.dat
    [2009/07/30 20:35:30 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/30 20:20:43 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
    [2008/05/19 01:09:41 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
    [2008/04/12 19:27:21 | 007,028,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
    [2008/04/12 19:27:20 | 007,028,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mdb
    [2008/02/12 00:19:33 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

    ========== ZeroAccess Check ==========

    [2005/08/30 22:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/04 01:12:56 | 001,497,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/12/17 13:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/01/28 10:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
    [2013/06/18 08:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
    [2012/10/11 09:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
    [2011/07/17 21:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2012/06/02 09:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
    [2011/12/14 20:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cerasus.media
    [2009/10/12 08:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
    [2011/12/06 01:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
    [2011/03/15 06:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/02/12 02:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    [2012/02/01 23:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
    [2013/05/04 22:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
    [2009/02/02 18:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2013/09/15 17:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/10/16 05:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2013/09/22 18:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/07/17 16:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2008/03/25 22:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2013/08/03 00:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2013/04/15 10:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
    [2013/04/04 00:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WarThunder
    [2008/07/08 01:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2013/06/19 00:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
    [2011/01/22 19:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2013/09/15 17:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    [2012/08/31 10:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Amazon
    [2012/05/04 01:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AnvSoft
    [2013/05/04 22:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AVG SafeGuard toolbar
    [2012/10/11 09:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AVG2013
    [2011/12/14 20:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\cerasus.media
    [2013/03/07 23:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Coby Media Manager
    [2012/08/05 14:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\com.amazon.music.uploader
    [2013/09/15 17:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\IObit
    [2011/09/20 22:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\PPIMAGES
    [2012/11/19 23:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\StreamPlayer
    [2012/10/11 09:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\TuneUp Software
    [2013/08/05 01:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Waterfox Limited

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\explorer.exe
    [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/09 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
    [2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\services.exe
    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
    [2004/08/09 23:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

    < MD5 for: SVCHOST.EXE >
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2004/08/09 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/09 23:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/09 23:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < %systemroot%\*. /rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    ========== Base Services ==========
    SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
    SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
    SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
    SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
    SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
    SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
    SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
    SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
    SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
    SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
    SRV - [2008/04/13 19:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
    SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
    SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
    SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
    SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
    SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
    SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
    SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
    SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
    SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
    SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
    SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
    SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
    SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
    SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
    SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
    SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
    SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
    SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
    SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
    SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
    SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
    SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
    SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
    SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
    SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
    SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
    SRV - [2008/05/19 02:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
    SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
    SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
    SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
    SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
    SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
    Interface type: IDE
    Media Type: Fixed\thard disk media
    Model: ST316081 2AS SCSI Disk Device
    Partitions: 2
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 140.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 9.00GB
    Starting Offset: 150835184640
    Hidden sectors: 0


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
    [C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
    [C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
    [C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1

    < End of report >

  7. #7
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Question RE: PC Loading slowly....

    How is the computer running?
    Not Sure. I'm looking at getting rid of this 'LAG' that occures when I play golf on the WGT website. I've been using CCleaner before each round to clear the CACHE on my browser (FIREFOX) No LAG at first, then by mid round, it starts up again. How do I stop that? (New PC?)

  8. #8
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi speedinc,

    There should have been a 2nd file generated when you ran OTL called Extras.txt. It should be on your desktop. Please locate it and post in your next reply.

    =========================

    Quote Originally Posted by speedinc View Post
    Not Sure. I'm looking at getting rid of this 'LAG' that occures when I play golf on the WGT website. I've been using CCleaner before each round to clear the CACHE on my browser (FIREFOX) No LAG at first, then by mid round, it starts up again. How do I stop that? (New PC?)
    702.48 Mb Total Physical Memory | 152.39 Mb Available Physical Memory | 21.69% Memory free

    As you are probably well aware from the information shown above you're system resources are a bit limited to be able to play games successfully without some degradation. Updating your RAM or buying a new PC might alleviate those lagging issues.

    In your next post please provide the following:
    • Extras.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #9
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Default RE: PC Loading Slowly

    In your next post please provide the following:

    AdwCleaner.txt
    OTL.txt
    Do not post Extras.txt
    How is the computer running?
    Just following the instructions....

    Here's the Extras.txt...

    OTL Extras logfile created on: 9/23/2013 2:10:48 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    702.48 Mb Total Physical Memory | 152.39 Mb Available Physical Memory | 21.69% Memory free
    1.30 Gb Paging File | 0.69 Gb Available in Paging File | 52.70% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 140.47 Gb Total Space | 70.98 Gb Free Space | 50.53% Space Free | Partition Type: NTFS
    Drive E: | 8.56 Gb Total Space | 0.58 Gb Free Space | 6.77% Space Free | Partition Type: FAT32

    Computer Name: YOUR-4DACD0EA75 | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = html_auto_file] -- C:\Program Files\Windows NT\Accessories\WORDPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "80:TCP" = 80:TCP:*:Enabled:War Thunder
    "443:TCP" = 443:TCP:*:Enabled:War Thunder
    "20010:UDP" = 20010:UDP:*:Enabled:War Thunder
    "3478:UDP" = 3478:UDP:*:Enabled:War Thunder
    "7850:TCP" = 7850:TCP:*:Enabled:War Thunder
    "27022:TCP" = 27022:TCP:*:Enabled:War Thunder
    "6881:TCP" = 6881:TCP:*:Enabled:War Thunder
    "33333:TCP" = 33333:TCP:*:Enabled:War Thunder
    "20443:TCP" = 20443:TCP:*:Enabled:War Thunder
    "8090:TCP" = 8090:TCP:*:Enabled:War Thunder

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
    "C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Avaya\Avaya one-X Communicator\SparkEmulator.exe" = C:\Program Files\Avaya\Avaya one-X Communicator\SparkEmulator.exe:*:Enabled:Spark Endpoint Emulator R1.1 (14) -- (Avaya, Inc.)
    "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
    "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files\Mozilla Firefox\plugin-container.exe" = C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
    "C:\Program Files\Amazon\Utilities\Amazon Music Importer\Amazon Music Importer.exe" = C:\Program Files\Amazon\Utilities\Amazon Music Importer\Amazon Music Importer.exe:*:Enabled:Amazon Music Importer -- ()
    "C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Deskjet 3510 series) -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Deskjet 3510 series) -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe" = C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Deskjet 3510 series) -- (Hewlett-Packard Co.)
    "C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{1006DA78-79A1-43AD-BEB9-7CDCDAEFD588}" = HP Deskjet 3510 series Product Improvement Study
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12FC1931-EC4C-4884-93EA-7744B238A5B9}" = MyBudgetPlanner
    "{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.1
    "{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
    "{2E6F5711-0A88-460A-B4C8-EB64573BF7E9}_is1" = Mahjongg - Ancient Mayas
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{32EF6F81-583E-4127-918D-D3768A8957C4}" = Palm
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{68D47332-A69E-4B72-83B7-D34AE73B0CE8}" = Cisco AnyConnect VPN Client
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
    "{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
    "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
    "{87131DB9-73D1-3FD7-9B25-0F12491F02A9}" = Google Talk Plugin
    "{88742616-A6E9-4C7E-9665-B625799541FB}" = Wireless-G PCI Adapter
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
    "{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
    "{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}" = HP Deskjet 3510 series Help
    "{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer
    "{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
    "{9A4F58EC-AA61-4382-81B3-80971396F851}" = Coby Media Manager
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F1F6E90-519F-4217-9A4B-466632D5CCCB}" = HP Deskjet 3510 series Basic Device Software
    "{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3960197-74C2-4362-B816-11AB39E9C84D}_is1" = eCalc Scientific (v1.5)
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
    "{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
    "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite XII.SP2a
    "{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
    "{C8797726-5DE1-4609-9335-D5D1BA0C28B6}_is1" = Shop'NCook Pro version 4.0.17
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
    "{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{EE827DAC-71E4-4E98-805C-66E2CBF41513}" = Avaya one-X Communicator
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4D59B35-A902-41D3-9BE9-20534881D03D}" = ArcSoft PhotoImpression
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FB8BE5FF-BDEF-46B2-BB37-02E45F8DEF99}" = DJ3510FWUpdateAlert
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "Audacity_is1" = Audacity 1.2.6
    "AVG" = AVG 2013
    "AVG SafeGuard toolbar" = AVG SafeGuard toolbar
    "AwayMode160" = Microsoft Away Mode
    "Belarc Advisor" = Belarc Advisor 7.2
    "Budget Sheet Manager V4.0" = Budget Sheet Manager V4.0
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
    "com.amazon.music.uploader" = Amazon Music Importer
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "ERUNT_is1" = ERUNT 1.1j
    "Freemake Audio Converter_is1" = Freemake Audio Converter version 1.1.0
    "Freemake Video Converter_is1" = Freemake Video Converter version 4.0.1
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Photo Creations" = HP Photo Creations
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
    "Python 2.2.3" = Python 2.2.3
    "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
    "RealPlayer 12.0" = RealPlayer
    "Smart Defrag 2_is1" = Smart Defrag 2
    "SpywareBlaster_is1" = SpywareBlaster 4.1
    "WildTangent compaq Master Uninstall" = My HP Games
    "WildTangent hp Master Uninstall" = HP Games
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/6/2013 1:55:32 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
    Description = Faulting application rnupgagent.exe, version 10.5.0.19, faulting module
    rnupgagent.exe, version 10.5.0.19, fault address 0x00008fe0.

    Error - 9/7/2013 12:33:22 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/7/2013 12:21:47 PM | Computer Name = YOUR-4DACD0EA75 | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 freemakeutilsservice.exe, P2 1.0.0.0, P3 517e43d0,
    P4 mscorlib, P5 4.0.0.0, P6 4e181ae3, P7 6127, P8 39, P9 system.argumentexception,
    P10 NIL.

    Error - 9/7/2013 12:22:02 PM | Computer Name = YOUR-4DACD0EA75 | Source = .NET Runtime | ID = 1026
    Description = Application: FreemakeUtilsService.exe Framework Version: v4.0.30319
    Description:
    The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException
    Stack:

    at System.Security.Principal.SecurityIdentifier..ctor(System.String) at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()

    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)

    at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck() at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object,
    System.EventArgs) at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object,
    System.ComponentModel.RunWorkerCompletedEventArgs) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)

    at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)

    at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback,
    System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

    at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


    Error - 9/11/2013 4:43:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 freemakeutilsservice.exe, P2 1.0.0.0, P3 517e43d0,
    P4 mscorlib, P5 4.0.0.0, P6 4e181ae3, P7 6127, P8 39, P9 system.argumentexception,
    P10 NIL.

    Error - 9/11/2013 4:43:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = .NET Runtime | ID = 1026
    Description = Application: FreemakeUtilsService.exe Framework Version: v4.0.30319
    Description:
    The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException
    Stack:

    at System.Security.Principal.SecurityIdentifier..ctor(System.String) at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()

    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)

    at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck() at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object,
    System.EventArgs) at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object,
    System.ComponentModel.RunWorkerCompletedEventArgs) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)

    at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)

    at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback,
    System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

    at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


    Error - 9/13/2013 5:00:28 PM | Computer Name = YOUR-4DACD0EA75 | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 freemakeutilsservice.exe, P2 1.0.0.0, P3 517e43d0,
    P4 mscorlib, P5 4.0.0.0, P6 4e181ae3, P7 6127, P8 39, P9 system.argumentexception,
    P10 NIL.

    Error - 9/13/2013 5:00:42 PM | Computer Name = YOUR-4DACD0EA75 | Source = .NET Runtime | ID = 1026
    Description = Application: FreemakeUtilsService.exe Framework Version: v4.0.30319
    Description:
    The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException
    Stack:

    at System.Security.Principal.SecurityIdentifier..ctor(System.String) at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()

    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)

    at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck() at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object,
    System.EventArgs) at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object,
    System.ComponentModel.RunWorkerCompletedEventArgs) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)

    at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)

    at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback,
    System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

    at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


    Error - 9/21/2013 4:58:10 AM | Computer Name = YOUR-4DACD0EA75 | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 freemakeutilsservice.exe, P2 1.0.0.0, P3 517e43d0,
    P4 mscorlib, P5 4.0.0.0, P6 4e181ae3, P7 6127, P8 39, P9 system.argumentexception,
    P10 NIL.

    Error - 9/21/2013 4:58:28 AM | Computer Name = YOUR-4DACD0EA75 | Source = .NET Runtime | ID = 1026
    Description = Application: FreemakeUtilsService.exe Framework Version: v4.0.30319
    Description:
    The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException
    Stack:

    at System.Security.Principal.SecurityIdentifier..ctor(System.String) at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()

    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)

    at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck() at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object,
    System.EventArgs) at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object,
    System.ComponentModel.RunWorkerCompletedEventArgs) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)

    at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)

    at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback,
    System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

    at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


    [ Cisco AnyConnect VPN Client Events ]
    Error - 9/15/2013 10:43:39 PM | Computer Name = YOUR-4DACD0EA75 | Source = vpnagent | ID = 50331649
    Description = Function: WaitForSingleObject Return code: 258 File: .\Agent.cpp Line:
    677 Description: The wait operation timed out.

    [ OSession Events ]
    Error - 9/7/2009 3:51:02 PM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 1/30/2010 1:04:30 AM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 6/11/2010 9:01:40 AM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    [ System Events ]
    Error - 9/22/2013 11:55:58 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Freemake Improver service
    to connect.

    Error - 9/22/2013 11:55:58 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
    Description = The Freemake Improver service failed to start due to the following
    error: %%1053

    Error - 9/22/2013 11:56:03 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Error - 9/22/2013 7:50:11 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Freemake Improver service
    to connect.

    Error - 9/22/2013 7:50:11 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
    Description = The Freemake Improver service failed to start due to the following
    error: %%1053

    Error - 9/22/2013 7:50:19 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Error - 9/23/2013 3:02:21 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Freemake Improver service
    to connect.

    Error - 9/23/2013 3:02:21 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
    Description = The Freemake Improver service failed to start due to the following
    error: %%1053

    Error - 9/23/2013 3:02:21 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
    Description = The vToolbarUpdater15.5.0 service failed to start due to the following
    error: %%2

    Error - 9/23/2013 3:02:26 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ftsata2


    < End of report >


    702.48 Mb Total Physical Memory | 152.39 Mb Available Physical Memory | 21.69% Memory free

    As you are probably well aware from the information shown above you're system resources are a bit limited to be able to play games successfully without some degradation. Updating your RAM or buying a new PC might alleviate those lagging issues.
    Pretty ignorant when it comes to that sort of thing. Based on the above info, How much MORE RAM would I need to get rid of the lagging issues. Can I just add more RAM to this PC? Or do I have to buy a GAMMING PC?

  10. #10
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi speedinc,

    Just following the instructions....
    Yes you were, sorry that was my mistake.

    =========================

    Here is some information about how to upgrade your RAM. Be advised that not all computers can accept an upgrade to memory.

    It is a relatively easy process. The actual steps will be slightly different depending on whether your computer is a Tower or a Laptop. The only difference being the steps taken to access the RAM modules. Once you locate the RAM modules the steps are nearly identical.

    Crucial.com is the site I have used for many years, you can download their free Memory Advisor tool that will scan your system and tell you what they suggest adding based on your system.

    Memory Advisor - will give you recommendations of upgrade options.

    System Scanner - will give you the specs for your system.

    Desktop PC installation Video

    Laptop Installation Video

    =========================

    Uninstall via Programs and Features

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
    • AVG SafeGuard toolbar
    • Freemake Audio Converter version 1.1.0
    • Freemake Video Converter version 4.0.1

    =========================

    Disable FireFox plug-in

    • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
    • In the Add-ons Manager tab, select the Extensions or Appearance panel.
    • Select the add-on you wish to disable.
      • Freemake Video Converter Plugin
      • Safeguard-Secure-Search
    • Click the Disable button.
    • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.

    =========================

    Run OTL.exe

      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/05/04 22:48:02 | 000,000,000 | ---D | M]
      [2013/05/04 22:48:02 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
      [2013/05/21 19:11:20 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
      O2 - BHO: (no name) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - No CLSID value found.
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      [2013/09/15 17:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
      [2013/09/15 17:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\IObit
      [2013/09/15 17:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
      [2013/08/26 18:30:29 | 000,003,725 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
      
      :Files
      C:\Program Files\Common Files\AVG Secure Search
      C:\Documents and Settings\All Users\Application Data\Freemake
      C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
      C:\PROGRAM FILES\FREEMAKE
      
      :Services
      vToolbarUpdater15.5.0
      Freemake Improver
      
      :Reg
      
      :Commands
      [purity]
      [createrestorepoint]
      [emptyjava]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

    =========================

    In your next post please provide the following:
    • OTL.txt
    • Update on performance
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •