TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Saurabh77 on November 28, 2011, 01:02:09 PM

Title: Very Slow Laptop
Post by: Saurabh77 on November 28, 2011, 01:02:09 PM

Hi,

I have a Compaq Laptop with an AMD Athlon X2 Dual Core processor and 2 GB RAM with a Windows 7 Professional. Recently it has become very slow and tends to heat up very quickly, web pages take a lot of time to load up and laptop tends to hang a lot. Please help in sorting this out!

Thanks!
Saurabh

Title: Very Slow Laptop
Post by: guestolo on November 28, 2011, 11:21:17 PM

Download [color="#FF0000"]OTL.exe[/color] (http://"http://oldtimer.geekstogo.com/OTL.exe")[/url] by OldTimer to your Desktop.

Close all windows and right click on OTL.exe and choose to "Run as Administrator"
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Title: Very Slow Laptop
Post by: Saurabh77 on November 29, 2011, 03:38:55 PM

Hi,

Here are the logs:

OTL logfile created on: 11/30/2011 12:20:13 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\saurabh\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 32.01% Memory free
3.49 Gb Paging File | 2.04 Gb Available in Paging File | 58.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 11.39 Gb Free Space | 8.65% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.73% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 3.92 Gb Free Space | 0.84% Space Free | Partition Type: NTFS

Computer Name: SAURABH | User Name: saurabh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/29 13:41:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\saurabh\Downloads\OTL.exe
PRC - [2011/11/28 19:58:15 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/11/28 19:57:38 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/11/12 21:52:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/25 09:13:49 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/09/20 15:30:46 | 001,185,008 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2011/09/12 21:34:47 | 000,034,496 | ---- | M] () -- C:\Users\saurabh\AppData\Local\Workspace\workspaceupdate.exe
PRC - [2011/07/16 08:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/04 04:52:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2011/02/26 09:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/21 11:53:40 | 001,483,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/25 12:26:53 | 000,755,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2010/11/25 12:26:13 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/16 14:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/09/24 13:15:57 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 14:45:40 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 14:45:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 14:44:55 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/11 10:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/07/30 16:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/30 16:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/14 05:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/28 19:57:38 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/11/17 14:53:21 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/12 21:52:37 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 12:19:44 | 000,076,800 | ---- | M] () -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko8.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/12 21:34:47 | 000,034,496 | ---- | M] () -- C:\Users\saurabh\AppData\Local\Workspace\workspaceupdate.exe
MOD - [2010/02/10 18:10:10 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/30 16:49:52 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008/08/12 10:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2008/07/29 13:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2008/07/29 13:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2008/07/29 13:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2008/07/29 13:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2008/07/29 12:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 19:58:15 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 17:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/09/20 15:30:46 | 001,185,008 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/07/16 14:45:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/16 17:34:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/16 17:01:22 | 000,132,464 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2009/08/04 10:51:00 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/27 19:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 05:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 05:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 05:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009/06/18 20:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 22:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/03/03 01:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2011/09/13 09:24:58 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/06 03:22:13 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/12/02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/12/02 10:36:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/07/26 12:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/07/16 14:44:57 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/04 11:25:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/27 19:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 13:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 03:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 03:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 03:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 03:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/02 10:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/05/16 05:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 05:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 05:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 05:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 05:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/05/04 22:30:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/04/29 19:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AE&c=92&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AE&c=92&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AE&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bloomberg.com/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bloomberg.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\saurabh\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\saurabh\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\saurabh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\saurabh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 09:29:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/20 23:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/11/28 20:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 21:52:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/17 18:58:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/01/24 00:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Extensions
[2011/11/10 06:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions
[2011/11/08 14:43:13 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/11/10 06:53:11 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/26 06:03:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions\[email protected]
[2011/11/13 01:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/12 21:35:09 | 000,000,000 | ---D | M] (WBE Paste) -- C:\USERS\SAURABH\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\WBEPASTE@STARFIELD
[2011/09/12 21:35:10 | 000,000,000 | ---D | M] (Web-Based Email Zoom) -- C:\USERS\SAURABH\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\ZOOMEXT@STARFIELD
() (No name found) -- C:\USERS\SAURABH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9DBLE8.DEFAULT\EXTENSIONS\[email protected]
[2011/11/12 21:52:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/24 09:28:38 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/11/28 19:57:34 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/08 10:53:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 21:52:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Online File Folder plugin 1.0.22.28 (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Web-Based Email plug-in 1.0.15.15 (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\saurabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Poppit = C:\Users\saurabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2009/06/11 01:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [{E481D98A-5DFC-AD7F-094E-F5EE046CD6F3}] C:\Users\saurabh\AppData\Roaming\Wuut\uxjuy.exe File not found
O4 - HKCU..\Run: [Lexar_Echo_Backup_Manager.exe] C:\Users\saurabh\AppData\Roaming\Lexar\Lexar_Echo_Backup_Manager.exe (Dmailer S.A.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Starfield Updater] C:\Users\saurabh\AppData\Local\Workspace\WorkspaceUpdate.exe ()
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Angry Birds All Download Free.lnk = C:\Program Files\Angry Birds Rio\Angry Birds All Download Free.url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com (

http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com (

https in Trusted sites)

Title: Very Slow Laptop
Post by: guestolo on November 29, 2011, 07:42:04 PM

try this, right click on OTL.exe and choose to "Run as Admin"

Under "Extra Registry" select 'Use Safelist'
Then run another Scan, when it's done, it should produce Extras.txt on Desktop

In addition: Can I have you do the following:

Download ComboFix from the following location:
[color="#0000FF"]Click HERE[/color] (http://"http://download.bleepingcomputer.com/sUBs/ComboFix.exe")

VERY IMPORTANT !!! [color="#FF0000"]Save ComboFix.exe to your Desktop[/color]

* [color="#FF0000"]IMPORTANT[/color] - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link [color="#0000FF"]here[/color] (http://"http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216")

To disable AVG, you can follow the instructions:
Open AVG User Interface.
Double-click on the Resident Shield.
Un-tick the option Resident Shield active.
Save the changes.

Please do not forget to activate the Resident Shield again once you performed the tasks requiring its deactivation.

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)

When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

[color="#2E8B57"]Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.[/color]

Please make sure you include the combo fix log in your next reply

Title: Very Slow Laptop
Post by: Saurabh77 on November 30, 2011, 12:19:47 PM

Hi,

Here is the Extras.txt file:

OTL Extras logfile created on: 11/30/2011 9:07:18 PM - Run 5
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\saurabh\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 35.39% Memory free
3.49 Gb Paging File | 1.63 Gb Available in Paging File | 46.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 11.15 Gb Free Space | 8.46% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.73% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 3.58 Gb Free Space | 0.77% Space Free | Partition Type: NTFS

Computer Name: SAURABH | User Name: saurabh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{247B9DE4-605C-4CAE-8DFB-4A071290FB1C}" = Aviva SQS
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{32DEA40A-44B0-436D-857D-B770FA710A63}" = Illustration System
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35746344-F2E0-4091-B487-25929B765E0C}_is1" = FPI Illustrations 7.4.4
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{499FE018-C367-4B1F-A1DE-D6CA7987059A}_is1" = BSE Mkt Watch 1.0.0.9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{511376F5-7E5A-4EC9-B603-193B1D425BC3}" = HP ESU for Microsoft Windows 7
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light
"{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian
"{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AC1E059-AFFD-4B7C-8E53-76F542BBAB2E}" = Royal London 360 Illustrations
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish
"{7CF31609-270B-11D6-9445-000102308676}" = Java 2 Runtime Environment, SE v1.4.0_01
"{7E305D12-32F9-41BC-80A3-FFA3E2782803}" = WPS Salary
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional
"{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish
"{816F5E94-B7FE-43EF-B4E6-F22D40A4AFCC}" = HP User Guides 0133
"{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New
"{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113B21A-0EEE-4464-882E-649EE9FE0D7C}" = Aviva SQS
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch
"{C3D20442-ED4E-48E2-9D0A-EFC2BCE0641B}" = Royal Skandia Offshore Quotes
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish
"{DB379FE9-D935-42E2-BDB1-8E7D827799EA}" = Generali NBQ
"{DE88C1E0-E5D5-4C30-B60E-1D092C160465}" = Formtec Design Pro 6
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech
"{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{FA8A6F42-A185-4455-A762-47FD081DEC54}" = Illustration System
"4Videosoft MKV Video Converter_is1" = 4Videosoft MKV Video Converter
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DWG TrueView 2011" = DWG TrueView 2011
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"Express" = Express Dictate
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"Java Web Start" = Java Web Start
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Nokia PC Suite" = Nokia PC Suite
"PDF Complete" = PDF Complete Special Edition
"PS3 Media Server" = PS3 Media Server
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Scribe" = Express Scribe
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ultra MP4 Video Converter_is1" = Ultra MP4 Video Converter 5.2.0603
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Vector Magic" = Vector Magic
"VLC media player" = VLC media player 1.1.3
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{68BF0BE8-AF72-40e0-B5CA-8C0685E1924E}Lexar_Echo_Backup_Manager.exe" = Lexar_Echo_Backup_Manager.exe
"workspacedesktop" = Workspace Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/25/2011 4:08:46 PM | Computer Name = Saurabh | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The ESENT error was: -1011.

Error - 10/26/2011 8:21:31 AM | Computer Name = Saurabh | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/26/2011 3:55:38 PM | Computer Name = Saurabh | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/27/2011 12:08:29 PM | Computer Name = Saurabh | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/31/2011 1:57:57 PM | Computer Name = Saurabh | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 7.0.1.4288 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.   Process ID: 10a8   Start
Time: 01cc94c2ba0e3469   Termination Time: 5253   Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe   Report Id: c7ca8000-03e9-11e1-9176-c92c8d6ed500

Error - 11/1/2011 2:27:44 AM | Computer Name = Saurabh | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/6/2011 8:14:18 PM | Computer Name = Saurabh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/6/2011 8:14:18 PM | Computer Name = Saurabh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1092

Error - 11/6/2011 8:14:18 PM | Computer Name = Saurabh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092

Error - 11/6/2011 8:14:19 PM | Computer Name = Saurabh | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

< End of report >

Will download Combofix now and scan...

Thanks!
Saurabh

Title: Very Slow Laptop
Post by: Saurabh77 on November 30, 2011, 01:10:38 PM

Hi,

Here is the combofix log:

ComboFix 11-11-30.01 - saurabh 11/30/2011 21:26:07.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1789.578 [GMT 4:00]
Running from: c:\users\saurabh\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\autorun.inf
c:\program files\Setup.exe
c:\programdata\TorrentEasy\fdmbtsupp.dll
C:\readme.txt
c:\users\saurabh\AngryBirds.exe
c:\users\saurabh\AppData\Roaming\Wuut\uxjuy.exe
c:\users\saurabh\GoogleEarthSetup.exe
c:\users\saurabh\OOo_3.2.0_Win32Intel_install_wJRE_en-US (2).exe
c:\users\saurabh\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe
c:\users\saurabh\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
c:\users\saurabh\Passwords! (NEW).xls~RF3627fa.TMP
c:\users\saurabh\wrar392.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 17:42 . 2011-11-30 17:42   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-11-29 08:51 . 2011-11-30 17:35   --------   d-----w-   c:\users\saurabh\AppData\Roaming\Ogpui
2011-11-29 08:51 . 2011-11-29 20:00   --------   d-----w-   c:\users\saurabh\AppData\Roaming\Wuut
2011-11-28 15:58 . 2011-11-28 16:00   --------   d-----w-   c:\programdata\AVG Secure Search
2011-11-28 15:57 . 2011-11-28 15:58   --------   d-----w-   c:\program files\Common Files\AVG Secure Search
2011-11-28 15:57 . 2011-11-28 16:00   --------   d-----w-   c:\program files\AVG Secure Search
2011-11-21 17:11 . 2009-09-23 12:48   431936   ----a-w-   c:\windows\system\msvcp100.dll
2011-11-21 17:07 . 2011-11-21 17:07   --------   d-----w-   c:\program files\Angry Birds Rio
2011-11-19 13:34 . 2011-11-19 13:34   --------   d-----w-   c:\users\saurabh\AppData\Local\MPlayer
2011-11-16 21:31 . 2011-11-16 21:31   --------   d-----w-   c:\program files\Vector Magic
2011-11-12 12:19 . 2011-11-12 12:19   --------   d-----w-   c:\windows\system32\SPReview
2011-11-12 12:17 . 2011-11-12 12:17   --------   d-----w-   c:\windows\system32\EventProviders
2011-11-09 09:36 . 2011-09-29 15:43   1285488   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:36 . 2011-10-01 04:43   708608   ----a-w-   c:\program files\Common Files\System\wab32.dll
2011-11-09 09:36 . 2011-09-29 04:20   2339840   ----a-w-   c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 10:53 . 2011-06-28 17:09   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 02:59 . 2011-10-12 07:28   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2011-09-13 05:24 . 2010-06-14 11:14   29712   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-02-22 13:30 . 2010-02-22 13:30   184320   ----a-w-   c:\program files\SecSNMP.dll
2009-02-19 12:07 . 2009-02-19 12:07   757760   ----a-w-   c:\program files\Ssres.dll
2011-11-12 17:52 . 2011-03-22 17:08   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-19 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-19 08:11   3911776   ----a-w-   c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-28 15:57   1547104   ----a-w-   c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-19 08:11   3911776   ----a-w-   c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-19 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-19 3911776]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-11-28 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-19 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-19 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"Lexar_Echo_Backup_Manager.exe"="c:\users\saurabh\AppData\Roaming\Lexar\Lexar_Echo_Backup_Manager.exe" [2010-03-23 37438648]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"Starfield Updater"="c:\users\saurabh\AppData\Local\Workspace\WorkspaceUpdate.exe" [2011-09-12 34496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-25 2078048]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-28 827232]
.
c:\users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Angry Birds All Download Free.lnk - c:\program files\Angry Birds Rio\Angry Birds All Download Free.url [2011-8-8 133]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^sdhall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BSEGadget.lnk]
path=c:\users\sdhall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BSEGadget.lnk
backup=c:\windows\pss\BSEGadget.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KITCO]
c:\program files\Kitco\Kcast\Kcast [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-06-18 16:07   563736   ----a-w-   c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-07-27 22:49   288312   ----a-w-   c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-08-04 19:09   98304   ----a-w-   c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 18:04   498744   ----a-w-   c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-12-02 8576]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-03-16 132464]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-16 1343400]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-05 243152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2011-09-20 1185008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-11-28 855904]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 09:09]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 09:09]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1762653480-1981093567-457604102-1001Core1cc93d9f8d319a6.job
- c:\users\saurabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-11 22:19]
.
2010-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1762653480-1981093567-457604102-1001UA.job
- c:\users\saurabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-11 22:19]
.
2010-11-20 c:\windows\Tasks\HPCeeScheduleForsaurabh.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 00:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bloomberg.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AE&c=92&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B6A7509D-C3E6-441C-94EF-0154765429B5}: NameServer = 8.8.8.8,8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bloomberg.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-{E481D98A-5DFC-AD7F-094E-F5EE046CD6F3} - c:\users\saurabh\AppData\Roaming\Wuut\uxjuy.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1762653480-1981093567-457604102-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,*h*,%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-30 22:00:37
ComboFix-quarantined-files.txt 2011-11-30 18:00
.
Pre-Run: 12,251,414,528 bytes free
Post-Run: 13,115,817,984 bytes free
.
- - End Of File - - B4A9BA7EDDAFBA88FA42D32A741E9057

Title: Very Slow Laptop
Post by: guestolo on November 30, 2011, 11:00:42 PM

Can you do the following please

Sometimes, extra search engines and toolbars get installed unknowingly when installing other software
Close down all browser windows
Uninstall the following from windows Control Panel>>Programs and Features

Conduit Engine
uTorrentBar Toolbar

Reboot the computer
Right click on OTL.exe again, and choose to "Run as Admim"
Run a fresh Scan and post the new log that opens

In addition:
Download Security Check by screen317 from here (http://"http://screen317.spywareinfoforum.org/SecurityCheck.exe") or here (http://"http://screen317.changelog.fr/SecurityCheck.exe").

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Could you also let me know if you had products of McAfee installed since you have had the computer
And have since uninstalled them

Title: Very Slow Laptop
Post by: Saurabh77 on December 01, 2011, 12:08:54 PM

Hi,

Have removed the Conduit engine and the toolbar and restarted. Below is the OTL and Extras log:

OTL logfile created on: 12/1/2011 8:55:46 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\saurabh\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 44.09% Memory free
3.49 Gb Paging File | 1.95 Gb Available in Paging File | 55.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 12.26 Gb Free Space | 9.30% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.73% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 16.12 Gb Free Space | 3.46% Space Free | Partition Type: NTFS

Computer Name: SAURABH | User Name: saurabh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/29 13:41:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\saurabh\Downloads\OTL.exe
PRC - [2011/11/28 19:58:15 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/11/28 19:57:38 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/11/22 15:45:32 | 000,161,336 | ---- | M] (Google) -- C:\Users\saurabh\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/11/12 21:52:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/25 09:13:49 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/09/20 15:30:46 | 001,185,008 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2011/09/12 21:34:47 | 000,034,496 | ---- | M] () -- C:\Users\saurabh\AppData\Local\Workspace\workspaceupdate.exe
PRC - [2011/07/16 08:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/04 04:52:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2011/02/26 09:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/21 11:53:40 | 001,483,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/25 12:26:13 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/16 14:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/09/24 13:15:57 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 14:45:40 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 14:45:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 14:44:55 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/11 10:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/07/30 16:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/30 16:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/14 05:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/28 19:57:38 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/11/17 14:53:21 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/12 21:52:37 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 12:19:44 | 000,076,800 | ---- | M] () -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko8.dll
MOD - [2011/10/13 03:41:42 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/13 03:37:18 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 03:37:10 | 014,322,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/13 03:36:51 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a3f989a61ab0468876629134c49514b2\UIAutomationTypes.ni.dll
MOD - [2011/10/13 03:36:50 | 012,216,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/13 03:36:35 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/13 03:36:25 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/13 03:36:06 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SystemWebsite removed for spammingntime.Remo#\018d2569cf208acbe8ad73908705f607\SystemWebsite removed for spammingntime.Remoting.ni.dll
MOD - [2011/10/13 03:36:02 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011/10/13 03:35:47 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/13 03:35:42 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/13 03:35:37 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/13 03:35:30 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/13 03:35:19 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/12 21:34:47 | 000,034,496 | ---- | M] () -- C:\Users\saurabh\AppData\Local\Workspace\workspaceupdate.exe
MOD - [2010/03/15 17:24:01 | 000,101,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/02/10 18:10:10 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/30 16:49:52 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/16 04:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/16 04:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/16 04:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/16 04:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/16 04:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/16 04:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/16 04:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/16 04:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/11 01:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/08/12 10:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2008/07/29 13:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2008/07/29 13:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2008/07/29 13:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2008/07/29 13:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2008/07/29 12:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 19:58:15 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 17:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/09/20 15:30:46 | 001,185,008 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/07/16 14:45:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/16 17:34:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/16 17:01:22 | 000,132,464 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2009/08/04 10:51:00 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/27 19:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 05:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 05:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 05:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009/06/18 20:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 22:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/03/03 01:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2011/09/13 09:24:58 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/06 03:22:13 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/12/02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/12/02 10:36:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/07/26 12:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/07/16 14:44:57 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/04 11:25:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/27 19:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 13:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 03:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 03:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 03:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 03:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/02 10:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/05/16 05:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 05:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 05:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 05:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 05:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/05/04 22:30:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/04/29 19:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AE&c=92&bd=all&pf=cmnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bloomberg.com/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bloomberg.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\saurabh\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\saurabh\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\saurabh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\saurabh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 09:29:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/20 23:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/11/28 20:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 21:52:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/17 18:58:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/01/24 00:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Extensions
[2011/11/10 06:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions
[2011/11/08 14:43:13 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/11/10 06:53:11 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/26 06:03:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions\[email protected]
[2011/11/13 01:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/12 21:35:09 | 000,000,000 | ---D | M] (WBE Paste) -- C:\USERS\SAURABH\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\WBEPASTE@STARFIELD
[2011/09/12 21:35:10 | 000,000,000 | ---D | M] (Web-Based Email Zoom) -- C:\USERS\SAURABH\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\ZOOMEXT@STARFIELD
() (No name found) -- C:\USERS\SAURABH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9DBLE8.DEFAULT\EXTENSIONS\[email protected]
[2011/11/12 21:52:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/24 09:28:38 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/11/28 19:57:34 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/08 10:53:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 21:52:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Online File Folder plugin 1.0.22.28 (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Web-Based Email plug-in 1.0.15.15 (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\saurabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Poppit = C:\Users\saurabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/11/30 21:42:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [{E481D98A-5DFC-AD7F-094E-F5EE046CD6F3}] C:\Users\saurabh\AppData\Roaming\Wuut\uxjuy.exe File not found
O4 - HKCU..\Run: [Lexar_Echo_Backup_Manager.exe] C:\Users\saurabh\AppData\Roaming\Lexar\Lexar_Echo_Backup_Manager.exe (Dmailer S.A.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Starfield Updater] C:\Users\saurabh\AppData\Local\Workspace\WorkspaceUpdate.exe ()
O4 - Startup: C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Angry Birds All Download Free.lnk = C:\Program Files\Angry Birds Rio\Angry Birds All Download Free.url ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com (

http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com (

https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_01-win.cab (Java Plug-in 1.4.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5239399A-DACC-42C7-A679-A9519526D59B}: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6A7509D-C3E6-441C-94EF-0154765429B5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6A7509D-C3E6-441C-94EF-0154765429B5}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/30 12:27:04 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/02/15 01:54:30 | 000,000,000 | ---D | M] - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 22:01:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/30 22:01:01 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/11/30 21:22:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/11/30 21:22:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/11/30 21:22:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/11/30 21:22:33 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/11/30 21:19:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/30 21:16:09 | 004,321,132 | R--- | C] (Swearware) -- C:\Users\saurabh\Desktop\ComboFix.exe
[2011/11/29 12:51:18 | 000,000,000 | ---D | C] -- C:\Users\saurabh\AppData\Roaming\Wuut
[2011/11/29 12:51:18 | 000,000,000 | ---D | C] -- C:\Users\saurabh\AppData\Roaming\Ogpui
[2011/11/28 19:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/11/28 19:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/11/28 19:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/11/21 21:11:31 | 000,431,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System\msvcp100.dll
[2011/11/21 21:07:56 | 000,000,000 | ---D | C] -- C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Angry Birds Rio
[2011/11/21 21:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Angry Birds Rio
[2011/11/19 18:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2011/11/19 17:34:15 | 000,000,000 | ---D | C] -- C:\Users\saurabh\AppData\Local\MPlayer
[2011/11/17 01:31:29 | 000,000,000 | ---D | C] -- C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vector Magic
[2011/11/17 01:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Vector Magic
[2011/11/13 17:51:06 | 000,000,000 | ---D | C] -- C:\Users\saurabh\Desktop\2011-11-13
[2011/11/12 16:19:22 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/11/12 16:17:50 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/11/09 13:36:23 | 002,339,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/01/23 23:03:14 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/01/23 23:03:12 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/12/01 20:28:01 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 19:08:28 | 089,838,093 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2011/12/01 12:25:15 | 000,000,000 | ---- | M] () -- C:\Users\saurabh\AppData\Local\prvlcl.dat
[2011/12/01 11:49:24 | 000,019,184 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 11:49:24 | 000,019,184 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 11:42:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/01 11:41:54 | 1406,820,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 21:42:56 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/11/30 21:16:54 | 004,321,132 | R--- | M] (Swearware) -- C:\Users\saurabh\Desktop\ComboFix.exe
[2011/11/30 15:28:17 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/11/30 15:28:17 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/11/29 13:30:53 | 000,567,077 | ---- | M] () -- C:\Users\saurabh\Desktop\My lil sunflower.jpg
[2011/11/24 10:19:10 | 093,737,139 | ---- | M] () -- C:\Users\saurabh\Desktop\Car-seat mayhem 2.mp4
[2011/11/24 10:08:30 | 104,549,803 | ---- | M] () -- C:\Users\saurabh\Desktop\Car-seat mayhem 1.mp4
[2011/11/23 23:29:47 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2011/11/21 21:16:33 | 000,002,029 | ---- | M] () -- C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Angry Birds All Download Free.lnk
[2011/11/21 21:16:33 | 000,002,017 | ---- | M] () -- C:\Users\saurabh\Application Data\Microsoft\Internet Explorer\Quick Launch\Angry Birds All Download Free.lnk
[2011/11/21 21:16:33 | 000,001,993 | ---- | M] () -- C:\Users\saurabh\Angry Birds All Download Free.lnk
[2011/11/21 21:16:33 | 000,001,929 | ---- | M] () -- C:\Users\saurabh\Angry Birds Rio 2012.lnk
[2011/11/17 14:53:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/11/17 01:31:31 | 000,000,993 | ---- | M] () -- C:\Users\saurabh\Application Data\Microsoft\Internet Explorer\Quick Launch\Vector Magic.lnk
[2011/11/17 01:31:31 | 000,000,969 | ---- | M] () -- C:\Users\saurabh\Desktop\Vector Magic.lnk
[2011/11/16 21:52:47 | 000,012,632 | ---- | M] () -- C:\Users\saurabh\Desktop\Emirates Airlines Application.pdf
[2011/11/12 21:53:30 | 000,001,994 | ---- | M] () -- C:\Users\saurabh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/11 20:37:52 | 000,049,799 | ---- | M] () -- C:\Users\saurabh\Desktop\Updated Resume.pdf
[2011/11/10 18:54:08 | 002,072,265 | ---- | M] () -- C:\Users\saurabh\Desktop\DSCN4445.JPG
[2011/11/10 03:29:32 | 000,591,552 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/30 21:22:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/11/30 21:22:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/11/30 21:22:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/11/30 21:22:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/11/30 21:22:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/11/29 13:30:50 | 000,567,077 | ---- | C] () -- C:\Users\saurabh\Desktop\My lil sunflower.jpg
[2011/11/24 19:23:55 | 093,737,139 | ---- | C] () -- C:\Users\saurabh\Desktop\Car-seat mayhem 2.mp4
[2011/11/24 19:23:52 | 104,549,803 | ---- | C] () -- C:\Users\saurabh\Desktop\Car-seat mayhem 1.mp4
[2011/11/21 21:07:56 | 000,002,029 | ---- | C] () -- C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Angry Birds All Download Free.lnk
[2011/11/21 21:07:56 | 000,002,023 | ---- | C] () -- C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Angry Birds All Download Free.lnk
[2011/11/21 21:07:56 | 000,002,017 | ---- | C] () -- C:\Users\saurabh\Application Data\Microsoft\Internet Explorer\Quick Launch\Angry Birds All Download Free.lnk
[2011/11/21 21:07:56 | 000,001,993 | ---- | C] () -- C:\Users\saurabh\Angry Birds All Download Free.lnk
[2011/11/21 21:07:56 | 000,001,929 | ---- | C] () -- C:\Users\saurabh\Angry Birds Rio 2012.lnk
[2011/11/19 18:29:38 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2011/11/17 01:31:31 | 000,000,993 | ---- | C] () -- C:\Users\saurabh\Application Data\Microsoft\Internet Explorer\Quick Launch\Vector Magic.lnk
[2011/11/17 01:31:31 | 000,000,969 | ---- | C] () -- C:\Users\saurabh\Desktop\Vector Magic.lnk
[2011/11/16 21:52:45 | 000,012,632 | ---- | C] () -- C:\Users\saurabh\Desktop\Emirates Airlines Application.pdf
[2011/11/10 19:06:47 | 001,121,173 | ---- | C] () -- C:\Users\saurabh\Desktop\DSCN1616.JPG
[2011/11/10 18:53:28 | 002,072,265 | ---- | C] () -- C:\Users\saurabh\Desktop\DSCN4445.JPG
[2011/05/27 10:10:21 | 000,009,554 | -HS- | C] () -- C:\ProgramData\232r7u660p253f31dil511257hxrt
[2011/05/27 10:10:20 | 000,009,554 | -HS- | C] () -- C:\Users\saurabh\AppData\Local\232r7u660p253f31dil511257hxrt
[2011/05/21 08:18:00 | 000,010,128 | -HS- | C] () -- C:\Users\saurabh\AppData\Local\747073s32x2s4it14g
[2011/05/21 08:18:00 | 000,010,128 | -HS- | C] () -- C:\ProgramData\747073s32x2s4it14g
[2011/04/03 16:37:21 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2011/04/03 16:30:33 | 000,260,464 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/04/03 16:30:32 | 000,282,624 | ---- | C] () -- C:\windows\System32\DscPnt.dll
[2011/04/03 16:30:32 | 000,026,624 | ---- | C] () -- C:\windows\System32\spd__l.dll
[2011/01/20 10:59:30 | 000,000,000 | ---- | C] () -- C:\Users\saurabh\AppData\Local\prvlcl.dat
[2010/09/19 11:27:10 | 000,129,024 | ---- | C] () -- C:\windows\System32\AVERM.dll
[2010/09/19 11:27:10 | 000,028,672 | ---- | C] () -- C:\windows\System32\AVEQT.dll
[2010/08/27 18:18:25 | 000,007,667 | ---- | C] () -- C:\Users\saurabh\AppData\Local\Resmon.ResmonCfg
[2010/08/15 22:39:22 | 000,000,031 | ---- | C] () -- C:\Users\saurabh\AppData\Roaming\Days5.ini
[2010/03/21 12:11:57 | 000,041,068 | ---- | C] () -- C:\windows\System32\ActPanel.dll
[2010/03/19 13:42:02 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2010/03/16 16:04:54 | 000,013,396 | ---- | C] () -- C:\Program Files\Setup.dat
[2010/02/22 17:30:04 | 000,184,320 | ---- | C] () -- C:\Program Files\SecSNMP.dll
[2010/02/02 13:38:43 | 000,000,323 | ---- | C] () -- C:\windows\System32\GENAgencyDetails.dat
[2010/02/02 13:38:31 | 000,003,156 | ---- | C] () -- C:\windows\System32\GENSystemInformation.ini
[2010/02/01 16:31:19 | 000,053,248 | ---- | C] () -- C:\windows\System32\zlib.dll
[2010/01/24 15:19:20 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/01/24 14:44:45 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/23 23:08:04 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2010/01/23 23:03:13 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/01/23 23:03:13 | 000,027,184 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/01/23 23:03:13 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/01/23 23:03:12 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009/10/26 03:45:00 | 000,022,723 | ---- | C] () -- C:\windows\System32\sx450sl3.dll
[2009/10/26 03:44:50 | 000,270,336 | ---- | C] () -- C:\windows\System32\SaMinDrv.dll
[2009/10/26 03:44:50 | 000,106,496 | ---- | C] () -- C:\windows\System32\SaImgFlt.dll
[2009/10/26 03:44:50 | 000,090,112 | ---- | C] () -- C:\windows\System32\SaSegFlt.dll
[2009/10/26 03:44:50 | 000,061,440 | ---- | C] () -- C:\windows\System32\SaErHdlr.dll
[2009/09/06 21:53:29 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/16 04:50:42 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/07/14 08:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 08:33:53 | 000,591,552 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 06:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 06:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 06:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 06:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 06:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 06:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 04:19:49 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2009/07/14 03:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 03:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 03:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 02:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 02:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 02:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 02:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/18 14:29:00 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/06/11 01:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/02/19 16:07:38 | 000,757,760 | ---- | C] () -- C:\Program Files\Ssres.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

< End of report >

Extras:

OTL Extras logfile created on: 12/1/2011 8:55:46 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\saurabh\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 44.09% Memory free
3.49 Gb Paging File | 1.95 Gb Available in Paging File | 55.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 12.26 Gb Free Space | 9.30% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.73% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 16.12 Gb Free Space | 3.46% Space Free | Partition Type: NTFS

Computer Name: SAURABH | User Name: saurabh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{247B9DE4-605C-4CAE-8DFB-4A071290FB1C}" = Aviva SQS
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{32DEA40A-44B0-436D-857D-B770FA710A63}" = Illustration System
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35746344-F2E0-4091-B487-25929B765E0C}_is1" = FPI Illustrations 7.4.4
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{499FE018-C367-4B1F-A1DE-D6CA7987059A}_is1" = BSE Mkt Watch 1.0.0.9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{511376F5-7E5A-4EC9-B603-193B1D425BC3}" = HP ESU for Microsoft Windows 7
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}"

Title: Very Slow Laptop
Post by: Saurabh77 on December 01, 2011, 12:12:47 PM

Hi,

I don't remember downloading or ever having any McAfee products...here is the log for security check:

Results of screen317's Security Check version 0.99.28
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java Web Start
Java(TM) 6 Update 26
Java(TM) 6 Update 22
Java 2 Runtime Environment, SE v1.4.0_01
Java version out of date!
Adobe Flash Player    11.1.102.55
Adobe Reader X (10.1.1)
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

Thanks!
Saurabh

Title: Very Slow Laptop
Post by: Saurabh77 on December 04, 2011, 10:10:14 AM

Hi,

Things seemed to be improving but today again laptop has become very slow and even though I had no programs running CPU usage showed at 100%. Please advice!

Thanks!
Saurabh

Title: Very Slow Laptop
Post by: guestolo on December 04, 2011, 12:30:06 PM

Sorry for the delay, can we do the following please:

Let's remove all older version/updates of Java as they are insecure
With all browser windows closed, uninstall all the following
Enter Windows Control Panel>>Programs and Features, remove
Java 2 Runtime Environment, SE v1.4.0_01
Java™ 6 Update 22
Java™ 6 Update 26

Download and save to desktop the McAfee removal tool (MCPR.exe) from the following link
[color="#0000FF"]MCPR.exe[/color] (http://"http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe")
Right click on the tool and choose to "Run as Administrator"
When it opens, choose NEXT>>Select AGREE and then choose NEXT again

Type in the Security Validation code and click NEXT
The removal should begin, when it's done choose RESTART>>And OK the prompt

Back in Windows
Go ahead and install the latest version of Java from the following location
http://www.java.com/en/download/index.jsp

Right click on OTL.exe and choose to "Run as Admin"

Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
Quote
:OTL
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [{E481D98A-5DFC-AD7F-094E-F5EE046CD6F3}] C:\Users\saurabh\AppData\Roaming\Wuut\uxjuy.exe File not found
O4 - Startup: C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Angry Birds All Download Free.lnk = C:\Program Files\Angry Birds Rio\Angry Birds All Download Free.url ()
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com (
- http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com (
- https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=-
"Malwarebytes Anti-Malware (reboot)"=-
:Files
C:\Users\saurabh\AppData\Roaming\Wuut
C:\Users\saurabh\AppData\Roaming\Ogpui
ipconfig /flushdns /c
:Commands
[RESETHOSTS]
[EmptyFlash]
[EmptyTemp]
- Then click the [color="#FF0000"]Run Fix[/color] button at the top
- Let the program run unhindered, reboot the PC when it is done
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

After you post that log, can you run the following tool please
- Download [color="#0000FF"]TDSSKiller[/color] (http://"http://support.kaspersky.com/downloads/utils/tdsskiller.zip") and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and choose to "Run as Admin"to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
can you again let me know how things are now running

Title: Very Slow Laptop
Post by: Saurabh77 on December 04, 2011, 01:52:04 PM

Hi,

Thank you for replying. Here is the OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{E481D98A-5DFC-AD7F-094E-F5EE046CD6F3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E481D98A-5DFC-AD7F-094E-F5EE046CD6F3}\ not found.
C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Angry Birds All Download Free.lnk moved successfully.
C:\Program Files\Angry Birds Rio\Angry Birds All Download Free.url moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ not found.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) not found.
========== FILES ==========
C:\Users\saurabh\AppData\Roaming\Wuut folder moved successfully.
C:\Users\saurabh\AppData\Roaming\Ogpui folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\saurabh\Desktop\cmd.bat deleted successfully.
C:\Users\saurabh\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: saurabh
->Flash cache emptied: 76880 bytes

User: sdhall
->Flash cache emptied: 8995 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: saurabh
->Temp folder emptied: 17515667 bytes
->Temporary Internet Files folder emptied: 114564453 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 191489941 bytes
->Google Chrome cache emptied: 75745911 bytes
->Flash cache emptied: 0 bytes

User: sdhall
->Temp folder emptied: 0 bytes
->Java cache emptied: 2836218 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13673898 bytes
RecycleBin emptied: 2418923115 bytes

Total Files Cleaned = 2,703.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12042011_224030

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Title: Very Slow Laptop
Post by: Saurabh77 on December 04, 2011, 02:00:32 PM

Hi,

Here is the TDS log:

22:49:38.0081 6136   TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
22:49:39.0001 6136   ============================================================
22:49:39.0001 6136   Current date / time: 2011/12/04 22:49:39.0001
22:49:39.0001 6136   SystemInfo:
22:49:39.0001 6136
22:49:39.0001 6136   OS Version: 6.1.7600 ServicePack: 0.0
22:49:39.0001 6136   Product type: Workstation
22:49:39.0001 6136   ComputerName: SAURABH
22:49:39.0001 6136   UserName: saurabh
22:49:39.0001 6136   Windows directory: C:\windows
22:49:39.0001 6136   System windows directory: C:\windows
22:49:39.0001 6136   Processor architecture: Intel x86
22:49:39.0001 6136   Number of processors: 2
22:49:39.0001 6136   Page size: 0x1000
22:49:39.0001 6136   Boot type: Normal boot
22:49:39.0001 6136   ============================================================
22:49:42.0683 6136   Initialize success
22:50:03.0245 4592   ============================================================
22:50:03.0245 4592   Scan started
22:50:03.0245 4592   Mode: Manual;
22:50:03.0245 4592   ============================================================
22:50:04.0571 4592   1394ohci     (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
22:50:04.0571 4592   1394ohci - ok
22:50:04.0618 4592   ACPI     (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
22:50:04.0618 4592   ACPI - ok
22:50:04.0649 4592   AcpiPmi    (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
22:50:04.0649 4592   AcpiPmi - ok
22:50:04.0711 4592   adp94xx    (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
22:50:04.0727 4592   adp94xx - ok
22:50:04.0758 4592   adpahci    (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
22:50:04.0774 4592   adpahci - ok
22:50:04.0805 4592   adpu320    (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
22:50:04.0805 4592   adpu320 - ok
22:50:04.0883 4592   AFD    (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
22:50:04.0883 4592   AFD - ok
22:50:04.0945 4592   AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\windows\system32\DRIVERS\AGRSM.sys
22:50:04.0976 4592   AgereSoftModem - ok
22:50:05.0008 4592   agp440     (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
22:50:05.0008 4592   agp440 - ok
22:50:05.0023 4592   aic78xx    (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
22:50:05.0039 4592   aic78xx - ok
22:50:05.0070 4592   aliide     (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
22:50:05.0070 4592   aliide - ok
22:50:05.0101 4592   amdagp     (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
22:50:05.0101 4592   amdagp - ok
22:50:05.0117 4592   amdide     (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
22:50:05.0117 4592   amdide - ok
22:50:05.0148 4592   AmdK8    (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
22:50:05.0164 4592   AmdK8 - ok
22:50:05.0195 4592   AmdPPM     (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
22:50:05.0195 4592   AmdPPM - ok
22:50:05.0242 4592   amdsata    (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
22:50:05.0257 4592   amdsata - ok
22:50:05.0273 4592   amdsbs     (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
22:50:05.0273 4592   amdsbs - ok
22:50:05.0288 4592   amdxata    (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
22:50:05.0288 4592   amdxata - ok
22:50:05.0320 4592   AppID    (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
22:50:05.0335 4592   AppID - ok
22:50:05.0382 4592   arc    (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
22:50:05.0382 4592   arc - ok
22:50:05.0398 4592   arcsas     (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
22:50:05.0398 4592   arcsas - ok
22:50:05.0413 4592   AsyncMac     (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
22:50:05.0413 4592   AsyncMac - ok
22:50:05.0444 4592   atapi    (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
22:50:05.0444 4592   atapi - ok
22:50:05.0585 4592   atikmdag     (a4252328d2b1520571102992ef0b0e5c) C:\windows\system32\DRIVERS\atikmdag.sys
22:50:05.0694 4592   atikmdag - ok
22:50:05.0725 4592   AtiPcie    (b73c832088dd54b55e04ff6f9646ad8c) C:\windows\system32\DRIVERS\AtiPcie.sys
22:50:05.0725 4592   AtiPcie - ok
22:50:05.0803 4592   AvgLdx86     (b8c187439d27aba430dd69fdcf1fa657) C:\windows\system32\Drivers\avgldx86.sys
22:50:05.0803 4592   AvgLdx86 - ok
22:50:05.0850 4592   AvgMfx86     (80ff2b1b7eeda966394f0baa895bbf4b) C:\windows\system32\Drivers\avgmfx86.sys
22:50:05.0850 4592   AvgMfx86 - ok
22:50:05.0897 4592   AvgTdiX    (741a16589326ac8f26ecdb7894a264f3) C:\windows\system32\Drivers\avgtdix.sys
22:50:05.0912 4592   Suspicious file (Forged): C:\windows\system32\Drivers\avgtdix.sys. Real md5: 741a16589326ac8f26ecdb7894a264f3, Fake md5: 9a7a93388f503a34e7339ae7f9997449
22:50:05.0912 4592   AvgTdiX ( Rootkit.Win32.ZAccess.h ) - infected
22:50:05.0912 4592   AvgTdiX - detected Rootkit.Win32.ZAccess.h (0)
22:50:05.0959 4592   b06bdrv    (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
22:50:05.0975 4592   b06bdrv - ok
22:50:06.0022 4592   b57nd60x     (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
22:50:06.0022 4592   b57nd60x - ok
22:50:06.0115 4592   BCM43XX    (40fb1d9065e668cd4beeff0a804c40e0) C:\windows\system32\DRIVERS\bcmwl6.sys
22:50:06.0162 4592   BCM43XX - ok
22:50:06.0193 4592   Beep     (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
22:50:06.0193 4592   Beep - ok
22:50:06.0209 4592   blbdrive     (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
22:50:06.0224 4592   blbdrive - ok
22:50:06.0271 4592   bowser     (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
22:50:06.0302 4592   bowser - ok
22:50:06.0318 4592   BrFiltLo     (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
22:50:06.0318 4592   BrFiltLo - ok
22:50:06.0349 4592   BrFiltUp     (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
22:50:06.0349 4592   BrFiltUp - ok
22:50:06.0380 4592   Brserid    (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
22:50:06.0380 4592   Brserid - ok
22:50:06.0412 4592   BrSerWdm     (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
22:50:06.0412 4592   BrSerWdm - ok
22:50:06.0427 4592   BrUsbMdm     (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
22:50:06.0427 4592   BrUsbMdm - ok
22:50:06.0458 4592   BrUsbSer     (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
22:50:06.0458 4592   BrUsbSer - ok
22:50:06.0521 4592   BthEnum    (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
22:50:06.0521 4592   BthEnum - ok
22:50:06.0536 4592   BTHMODEM     (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
22:50:06.0536 4592   BTHMODEM - ok
22:50:06.0568 4592   BthPan     (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
22:50:06.0568 4592   BthPan - ok
22:50:06.0599 4592   BTHPORT    (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys
22:50:06.0614 4592   BTHPORT - ok
22:50:06.0661 4592   BTHUSB     (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys
22:50:06.0661 4592   BTHUSB - ok
22:50:06.0709 4592   btwaudio     (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
22:50:06.0709 4592   btwaudio - ok
22:50:06.0756 4592   btwavdt    (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys
22:50:06.0771 4592   btwavdt - ok
22:50:06.0803 4592   btwl2cap     (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
22:50:06.0803 4592   btwl2cap - ok
22:50:06.0834 4592   btwrchid     (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
22:50:06.0834 4592   btwrchid - ok
22:50:06.0896 4592   catchme - ok
22:50:06.0943 4592   cdfs     (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
22:50:06.0943 4592   cdfs - ok
22:50:07.0005 4592   cdrom    (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
22:50:07.0005 4592   cdrom - ok
22:50:07.0037 4592   circlass     (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
22:50:07.0037 4592   circlass - ok
22:50:07.0083 4592   CLFS     (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
22:50:07.0083 4592   CLFS - ok
22:50:07.0146 4592   CmBatt     (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
22:50:07.0146 4592   CmBatt - ok
22:50:07.0193 4592   cmdide     (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
22:50:07.0208 4592   cmdide - ok
22:50:07.0255 4592   CNG    (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
22:50:07.0271 4592   CNG - ok
22:50:07.0302 4592   Compbatt     (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
22:50:07.0302 4592   Compbatt - ok
22:50:07.0349 4592   CompositeBus   (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
22:50:07.0349 4592   CompositeBus - ok
22:50:07.0395 4592   crcdisk    (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
22:50:07.0395 4592   crcdisk - ok
22:50:07.0458 4592   CSC    (27c9490bdd0ae48911ab8cf1932591ed) C:\windows\system32\drivers\csc.sys
22:50:07.0473 4592   CSC - ok
22:50:07.0536 4592   DfsC     (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
22:50:07.0551 4592   DfsC - ok
22:50:07.0583 4592   discache     (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
22:50:07.0583 4592   discache - ok
22:50:07.0629 4592   Disk     (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
22:50:07.0676 4592   Disk - ok
22:50:07.0707 4592   drmkaud    (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
22:50:07.0707 4592   drmkaud - ok
22:50:07.0755 4592   DXGKrnl    (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
22:50:07.0771 4592   DXGKrnl - ok
22:50:07.0864 4592   ebdrv    (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
22:50:07.0927 4592   ebdrv - ok
22:50:07.0989 4592   elxstor    (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
22:50:08.0005 4592   elxstor - ok
22:50:08.0020 4592   ErrDev     (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
22:50:08.0020 4592   ErrDev - ok
22:50:08.0067 4592   exfat    (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
22:50:08.0067 4592   exfat - ok
22:50:08.0098 4592   fastfat    (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
22:50:08.0098 4592   fastfat - ok
22:50:08.0130 4592   fdc    (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
22:50:08.0130 4592   fdc - ok
22:50:08.0176 4592   FileInfo     (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
22:50:08.0176 4592   FileInfo - ok
22:50:08.0192 4592   Filetrace    (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
22:50:08.0192 4592   Filetrace - ok
22:50:08.0208 4592   flpydisk     (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
22:50:08.0223 4592   flpydisk - ok
22:50:08.0239 4592   FltMgr     (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
22:50:08.0254 4592   FltMgr - ok
22:50:08.0286 4592   FsDepends    (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
22:50:08.0286 4592   FsDepends - ok
22:50:08.0301 4592   Fs_Rec     (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
22:50:08.0301 4592   Fs_Rec - ok
22:50:08.0332 4592   fvevol     (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
22:50:08.0348 4592   fvevol - ok
22:50:08.0379 4592   gagp30kx     (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
22:50:08.0379 4592   gagp30kx - ok
22:50:08.0442 4592   GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:50:08.0442 4592   GEARAspiWDM - ok
22:50:08.0504 4592   hcw85cir     (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
22:50:08.0504 4592   hcw85cir - ok
22:50:08.0551 4592   HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
22:50:08.0551 4592   HdAudAddService - ok
22:50:08.0582 4592   HDAudBus     (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
22:50:08.0582 4592   HDAudBus - ok
22:50:08.0598 4592   HidBatt    (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
22:50:08.0613 4592   HidBatt - ok
22:50:08.0660 4592   HidBth     (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
22:50:08.0660 4592   HidBth - ok
22:50:08.0707 4592   HidIr    (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
22:50:08.0707 4592   HidIr - ok
22:50:08.0739 4592   HidUsb     (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
22:50:08.0755 4592   HidUsb - ok
22:50:08.0817 4592   HpqKbFiltr     (1210960ff8928950d2a786895b0c424a) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
22:50:08.0817 4592   HpqKbFiltr - ok
22:50:08.0879 4592   HpSAMD     (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
22:50:08.0879 4592   HpSAMD - ok
22:50:08.0926 4592   HTTP     (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
22:50:08.0942 4592   HTTP - ok
22:50:08.0989 4592   hwpolicy     (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
22:50:08.0989 4592   hwpolicy - ok
22:50:09.0035 4592   i8042prt     (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
22:50:09.0051 4592   i8042prt - ok
22:50:09.0113 4592   iaStorV    (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
22:50:09.0129 4592   iaStorV - ok
22:50:09.0238 4592   igfx     (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
22:50:09.0332 4592   igfx - ok
22:50:09.0347 4592   iirsp    (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
22:50:09.0363 4592   iirsp - ok
22:50:09.0379 4592   intelide     (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
22:50:09.0379 4592   intelide - ok
22:50:09.0410 4592   intelppm     (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
22:50:09.0410 4592   intelppm - ok
22:50:09.0425 4592   IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:50:09.0441 4592   IpFilterDriver - ok
22:50:09.0457 4592   IPMIDRV    (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
22:50:09.0472 4592   IPMIDRV - ok
22:50:09.0488 4592   IPNAT    (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
22:50:09.0488 4592   IPNAT - ok
22:50:09.0535 4592   IRENUM     (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
22:50:09.0535 4592   IRENUM - ok
22:50:09.0550 4592   isapnp     (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
22:50:09.0566 4592   isapnp - ok
22:50:09.0581 4592   iScsiPrt     (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
22:50:09.0597 4592   iScsiPrt - ok
22:50:09.0628 4592   kbdclass     (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
22:50:09.0628 4592   kbdclass - ok
22:50:09.0659 4592   kbdhid     (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
22:50:09.0659 4592   kbdhid - ok
22:50:09.0691 4592   KSecDD     (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
22:50:09.0691 4592   KSecDD - ok
22:50:09.0722 4592   KSecPkg    (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
22:50:09.0722 4592   KSecPkg - ok
22:50:09.0769 4592   lltdio     (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
22:50:09.0769 4592   lltdio - ok
22:50:09.0800 4592   LSI_FC     (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
22:50:09.0800 4592   LSI_FC - ok
22:50:09.0847 4592   LSI_SAS    (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
22:50:09.0847 4592   LSI_SAS - ok
22:50:09.0862 4592   LSI_SAS2     (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
22:50:09.0878 4592   LSI_SAS2 - ok
22:50:09.0893 4592   LSI_SCSI     (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
22:50:09.0893 4592   LSI_SCSI - ok
22:50:09.0940 4592   luafv    (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
22:50:09.0940 4592   luafv - ok
22:50:09.0956 4592   megasas    (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
22:50:09.0956 4592   megasas - ok
22:50:09.0971 4592   MegaSR     (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
22:50:09.0987 4592   MegaSR - ok
22:50:10.0018 4592   mfetdik    (43a7acbbd70ecd62f0b63486c72089a3) C:\windows\system32\drivers\mfetdik.sys
22:50:10.0018 4592   mfetdik - ok
22:50:10.0034 4592   Modem    (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
22:50:10.0049 4592   Modem - ok
22:50:10.0065 4592   monitor    (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
22:50:10.0065 4592   monitor - ok
22:50:10.0096 4592   mouclass     (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
22:50:10.0096 4592   mouclass - ok
22:50:10.0127 4592   mouhid     (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
22:50:10.0127 4592   mouhid - ok
22:50:10.0159 4592   mountmgr     (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
22:50:10.0159 4592   mountmgr - ok
22:50:10.0174 4592   mpio     (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
22:50:10.0174 4592   mpio - ok
22:50:10.0205 4592   mpsdrv     (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
22:50:10.0205 4592   mpsdrv - ok
22:50:10.0221 4592   MRxDAV     (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
22:50:10.0237 4592   MRxDAV - ok
22:50:10.0268 4592   mrxsmb     (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
22:50:10.0283 4592   mrxsmb - ok
22:50:10.0330 4592   mrxsmb10     (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:50:10.0346 4592   mrxsmb10 - ok
22:50:10.0377 4592   mrxsmb20     (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:50:10.0377 4592   mrxsmb20 - ok
22:50:10.0408 4592   msahci     (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
22:50:10.0408 4592   msahci - ok
22:50:10.0424 4592   msdsm    (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
22:50:10.0424 4592   msdsm - ok
22:50:10.0471 4592   Msfs     (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
22:50:10.0471 4592   Msfs - ok
22:50:10.0486 4592   mshidkmdf    (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
22:50:10.0486 4592   mshidkmdf - ok
22:50:10.0502 4592   msisadrv     (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
22:50:10.0517 4592   msisadrv - ok
22:50:10.0533 4592   MSKSSRV    (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
22:50:10.0549 4592   MSKSSRV - ok
22:50:10.0564 4592   MSPCLOCK     (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
22:50:10.0564 4592   MSPCLOCK - ok
22:50:10.0580 4592   MSPQM    (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
22:50:10.0595 4592   MSPQM - ok
22:50:10.0611 4592   MsRPC    (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
22:50:10.0611 4592   MsRPC - ok
22:50:10.0627 4592   mssmbios     (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
22:50:10.0627 4592   mssmbios - ok
22:50:10.0642 4592   MSTEE    (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
22:50:10.0658 4592   MSTEE - ok
22:50:10.0705 4592   MTConfig     (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
22:50:10.0705 4592   MTConfig - ok
22:50:10.0720 4592   Mup    (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
22:50:10.0720 4592   Mup - ok
22:50:10.0767 4592   NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
22:50:10.0783 4592   NativeWifiP - ok
22:50:10.0814 4592   NDIS     (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
22:50:10.0829 4592   NDIS - ok
22:50:10.0845 4592   NdisCap    (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
22:50:10.0845 4592   NdisCap - ok
22:50:10.0861 4592   NdisTapi     (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
22:50:10.0876 4592   NdisTapi - ok
22:50:10.0907 4592   Ndisuio    (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
22:50:10.0907 4592   Ndisuio - ok
22:50:10.0923 4592   NdisWan    (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
22:50:10.0923 4592   NdisWan - ok
22:50:10.0939 4592   NDProxy    (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
22:50:10.0954 4592   NDProxy - ok
22:50:10.0970 4592   NetBIOS    (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
22:50:10.0970 4592   NetBIOS - ok
22:50:11.0001 4592   NetBT    (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
22:50:11.0001 4592   NetBT - ok
22:50:11.0048 4592   nfrd960    (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
22:50:11.0048 4592   nfrd960 - ok
22:50:11.0110 4592   nmwcd    (712bc0c22ba00b2ba324c6b8df668ee7) C:\windows\system32\drivers\ccdcmb.sys
22:50:11.0110 4592   nmwcd - ok
22:50:11.0141 4592   nmwcdnsu     (28d40797bcb050321fa6674b08a620c0) C:\windows\system32\drivers\nmwcdnsu.sys
22:50:11.0204 4592   nmwcdnsu - ok
22:50:11.0251 4592   nmwcdnsuc    (faee7b61c6885b091cec1ff06da2e1ab) C:\windows\system32\drivers\nmwcdnsuc.sys
22:50:11.0251 4592   nmwcdnsuc - ok
22:50:11.0282 4592   Npfs     (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
22:50:11.0282 4592   Npfs - ok
22:50:11.0297 4592   nsiproxy     (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
22:50:11.0313 4592   nsiproxy - ok
22:50:11.0375 4592   Ntfs     (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
22:50:11.0407 4592   Ntfs - ok
22:50:11.0422 4592   Null     (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
22:50:11.0438 4592   Null - ok
22:50:11.0485 4592   nvraid     (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
22:50:11.0500 4592   nvraid - ok
22:50:11.0531 4592   nvstor     (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
22:50:11.0547 4592   nvstor - ok
22:50:11.0578 4592   nv_agp     (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
22:50:11.0578 4592   nv_agp - ok
22:50:11.0594 4592   ohci1394     (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
22:50:11.0609 4592   ohci1394 - ok
22:50:11.0672 4592   Parport    (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
22:50:11.0672 4592   Parport - ok
22:50:11.0687 4592   partmgr    (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
22:50:11.0687 4592   partmgr - ok
22:50:11.0719 4592   Parvdm     (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
22:50:11.0719 4592   Parvdm - ok
22:50:11.0781 4592   pccsmcfd     (fd2041e9ba03db7764b2248f02475079) C:\windows\system32\DRIVERS\pccsmcfd.sys
22:50:11.0781 4592   pccsmcfd - ok
22:50:11.0797 4592   pci    (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
22:50:11.0797 4592   pci - ok
22:50:11.0828 4592   pciide     (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
22:50:11.0828 4592   pciide - ok
22:50:11.0859 4592   pcmcia     (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
22:50:11.0859 4592   pcmcia - ok
22:50:11.0875 4592   pcw    (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
22:50:11.0875 4592   pcw - ok
22:50:11.0921 4592   PEAUTH     (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
22:50:11.0937 4592   PEAUTH - ok
22:50:12.0031 4592   PptpMiniport   (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
22:50:12.0031 4592   PptpMiniport - ok
22:50:12.0046 4592   Processor    (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
22:50:12.0046 4592   Processor - ok
22:50:12.0093 4592   Psched     (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
22:50:12.0093 4592   Psched - ok
22:50:12.0140 4592   PxHelp20     (40fedd328f98245ad201cf5f9f311724) C:\windows\system32\Drivers\PxHelp20.sys
22:50:12.0140 4592   PxHelp20 - ok
22:50:12.0187 4592   ql2300     (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
22:50:12.0218 4592   ql2300 - ok
22:50:12.0265 4592   ql40xx     (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
22:50:12.0265 4592   ql40xx - ok
22:50:12.0296 4592   QWAVEdrv     (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
22:50:12.0296 4592   QWAVEdrv - ok
22:50:12.0311 4592   RasAcd     (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
22:50:12.0311 4592   RasAcd - ok
22:50:12.0327 4592   RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
22:50:12.0327 4592   RasAgileVpn - ok
22:50:12.0358 4592   Rasl2tp    (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
22:50:12.0358 4592   Rasl2tp - ok
22:50:12.0389 4592   RasPppoe     (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
22:50:12.0405 4592   RasPppoe - ok
22:50:12.0421 4592   RasSstp    (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
22:50:12.0421 4592   RasSstp - ok
22:50:12.0452 4592   rdbss    (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
22:50:12.0452 4592   rdbss - ok
22:50:12.0483 4592   rdpbus     (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
22:50:12.0499 4592   rdpbus - ok
22:50:12.0514 4592   RDPCDD     (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
22:50:12.0514 4592   RDPCDD - ok
22:50:12.0545 4592   RDPDR    (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
22:50:12.0561 4592   RDPDR - ok
22:50:12.0577 4592   RDPENCDD     (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
22:50:12.0592 4592   RDPENCDD - ok
22:50:12.0608 4592   RDPREFMP     (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
22:50:12.0623 4592   RDPREFMP - ok
22:50:12.0639 4592   RDPWD    (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
22:50:12.0639 4592   RDPWD - ok
22:50:12.0686 4592   rdyboost     (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
22:50:12.0686 4592   rdyboost - ok
22:50:12.0748 4592   regi     (001b4278407f4303efc902a2b16f2453) C:\windows\system32\drivers\regi.sys
22:50:12.0748 4592   regi - ok
22:50:12.0795 4592   RFCOMM     (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
22:50:12.0795 4592   RFCOMM - ok
22:50:12.0842 4592   rspndr     (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
22:50:12.0857 4592   rspndr - ok
22:50:12.0889 4592   sbp2port     (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
22:50:12.0904 4592   sbp2port - ok
22:50:12.0920 4592   scfilter     (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
22:50:12.0920 4592   scfilter - ok
22:50:12.0967 4592   secdrv     (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
22:50:12.0967 4592   secdrv - ok
22:50:13.0013 4592   Serenum    (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
22:50:13.0013 4592   Serenum - ok
22:50:13.0045 4592   Serial     (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
22:50:13.0060 4592   Serial - ok
22:50:13.0076 4592   sermouse     (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
22:50:13.0091 4592   sermouse - ok
22:50:13.0154 4592   sffdisk    (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
22:50:13.0154 4592   sffdisk - ok
22:50:13.0169 4592   sffp_mmc     (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
22:50:13.0185 4592   sffp_mmc - ok
22:50:13.0201 4592   sffp_sd    (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
22:50:13.0201 4592   sffp_sd - ok
22:50:13.0232 4592   sfloppy    (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
22:50:13.0232 4592   sfloppy - ok
22:50:13.0279 4592   sisagp     (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
22:50:13.0279 4592   sisagp - ok
22:50:13.0294 4592   SiSRaid2     (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:50:13.0294 4592   SiSRaid2 - ok
22:50:13.0310 4592   SiSRaid4     (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
22:50:13.0325 4592   SiSRaid4 - ok
22:50:13.0357 4592   Smb    (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
22:50:13.0357 4592   Smb - ok
22:50:13.0450 4592   SNP2UVC    (d8aba1293b82e7af2f78b67ca46fcb3d) C:\windows\system32\DRIVERS\snp2uvc.sys
22:50:13.0497 4592   SNP2UVC - ok
22:50:13.0513 4592   spldr    (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
22:50:13.0513 4592   spldr - ok
22:50:13.0575 4592   srv    (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
22:50:13.0575 4592   srv - ok
22:50:13.0622 4592   srv2     (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
22:50:13.0637 4592   srv2 - ok
22:50:13.0669 4592   srvnet     (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
22:50:13.0684 4592   srvnet - ok
22:50:13.0731 4592   stexstor     (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
22:50:13.0731 4592   stexstor - ok
22:50:13.0778 4592   STHDA    (901703459c668331df0c0245f6b8160a) C:\windows\system32\DRIVERS\stwrt.sys
22:50:13.0793 4592   STHDA - ok
22:50:13.0840 4592   swenum     (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
22:50:13.0840 4592   swenum - ok
22:50:13.0871 4592   SynTP    (1de40024679cde0e573465253519730e) C:\windows\system32\DRIVERS\SynTP.sys
22:50:13.0871 4592   SynTP - ok
22:50:13.0965 4592   Tcpip    (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys
22:50:13.0996 4592   Tcpip - ok
22:50:14.0043 4592   TCPIP6     (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys
22:50:14.0059 4592   TCPIP6 - ok
22:50:14.0090 4592   tcpipreg     (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
22:50:14.0090 4592   tcpipreg - ok
22:50:14.0105 4592   TDPIPE     (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
22:50:14.0121 4592   TDPIPE - ok
22:50:14.0137 4592   TDTCP    (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
22:50:14.0137 4592   TDTCP - ok
22:50:14.0168 4592   tdx    (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
22:50:14.0168 4592   tdx - ok
22:50:14.0183 4592   TermDD     (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
22:50:14.0183 4592   TermDD - ok
22:50:14.0230 4592   TPM    (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys
22:50:14.0230 4592   TPM - ok
22:50:14.0261 4592   tssecsrv     (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
22:50:14.0261 4592   tssecsrv - ok
22:50:14.0293 4592   tunnel     (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
22:50:14.0293 4592   tunnel - ok
22:50:14.0324 4592   uagp35     (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
22:50:14.0339 4592   uagp35 - ok
22:50:14.0355 4592   udfs     (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
22:50:14.0355 4592   udfs - ok
22:50:14.0417 4592   uliagpkx     (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
22:50:14.0417 4592   uliagpkx - ok
22:50:14.0433 4592   umbus    (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
22:50:14.0449 4592   umbus - ok
22:50:14.0464 4592   UmPass     (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
22:50:14.0464 4592   UmPass - ok
22:50:14.0527 4592   upperdev     (7062ed67a10f1c83b2ab951736e24f11) C:\windows\system32\DRIVERS\usbser_lowerflt.sys
22:50:14.0527 4592   upperdev - ok
22:50:14.0589 4592   USBAAPL    (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
22:50:14.0589 4592   USBAAPL - ok
22:50:14.0636 4592   usbccgp    (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys
22:50:14.0636 4592   usbccgp - ok
22:50:14.0667 4592   usbcir     (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
22:50:14.0683 4592   usbcir - ok
22:50:14.0714 4592   usbehci    (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\DRIVERS\usbehci.sys
22:50:14.0729 4592   usbehci - ok
22:50:14.0776 4592   usbhub     (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
22:50:14.0776 4592   usbhub - ok
22:50:14.0807 4592   usbohci    (eb2d819a639015253c871cda09d91d58) C:\windows\system32\DRIVERS\usbohci.sys
22:50:14.0807 4592   usbohci - ok
22:50:14.0839 4592   usbprint     (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
22:50:14.0839 4592   usbprint - ok
22:50:14.0885 4592   usbscan    (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
22:50:14.0901 4592   usbscan - ok
22:50:14.0932 4592   usbser     (88701eca76145e2c011c0eeff0f7b70e) C:\windows\system32\DRIVERS\usbser.sys
22:50:14.0932 4592   usbser - ok
22:50:14.0995 4592   USBSTOR    (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:50:14.0995 4592   USBSTOR - ok
22:50:15.0041 4592   usbuhci    (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\drivers\usbuhci.sys
22:50:15.0041 4592   usbuhci - ok
22:50:15.0088 4592   usbvideo     (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
22:50:15.0104 4592   usbvideo - ok
22:50:15.0135 4592   vdrvroot     (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
22:50:15.0135 4592   vdrvroot - ok
22:50:15.0182 4592   vga    (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
22:50:15.0182 4592   vga - ok
22:50:15.0213 4592   VgaSave    (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
22:50:15.0229 4592   VgaSave - ok
22:50:15.0244 4592   vhdmp    (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
22:50:15.0260 4592   vhdmp - ok
22:50:15.0291 4592   viaagp     (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
22:50:15.0291 4592   viaagp - ok
22:50:15.0307 4592   ViaC7    (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
22:50:15.0307 4592   ViaC7 - ok
22:50:15.0322 4592   viaide     (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
22:50:15.0338 4592   viaide - ok
22:50:15.0353 4592   volmgr     (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
22:50:15.0353 4592   volmgr - ok
22:50:15.0385 4592   volmgrx    (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
22:50:15.0400 4592   volmgrx - ok
22:50:15.0416 4592   volsnap    (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
22:50:15.0431 4592   volsnap - ok
22:50:15.0463 4592   vsmraid    (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
22:50:15.0463 4592   vsmraid - ok
22:50:15.0494 4592   vwifibus     (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
22:50:15.0509 4592   vwifibus - ok
22:50:15.0525 4592   vwififlt     (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
22:50:15.0525 4592   vwififlt - ok
22:50:15.0556 4592   vwifimp    (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
22:50:15.0572 4592   vwifimp - ok
22:50:15.0587 4592   WacomPen     (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
22:50:15.0587 4592   WacomPen - ok
22:50:15.0619 4592   WANARP     (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
22:50:15.0619 4592   WANARP - ok
22:50:15.0619 4592   Wanarpv6     (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
22:50:15.0634 4592   Wanarpv6 - ok
22:50:15.0681 4592   Wd     (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
22:50:15.0697 4592   Wd - ok
22:50:15.0728 4592   Wdf01000     (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
22:50:15.0743 4592   Wdf01000 - ok
22:50:15.0790 4592   WfpLwf     (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
22:50:15.0806 4592   WfpLwf - ok
22:50:15.0821 4592   WIMMount     (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
22:50:15.0821 4592   WIMMount - ok
22:50:15.0884 4592   WinUsb     (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
22:50:15.0899 4592   WinUsb - ok
22:50:15.0931 4592   WmiAcpi    (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
22:50:15.0931 4592   WmiAcpi - ok
22:50:15.0962 4592   ws2ifsl    (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
22:50:15.0962 4592   ws2ifsl - ok
22:50:16.0009 4592   WudfPf     (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
22:50:16.0009 4592   WudfPf - ok
22:50:16.0024 4592   WUDFRd     (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
22:50:16.0024 4592   WUDFRd - ok
22:50:16.0087 4592   yukonw7    (3eb1576f77b60a6c79dd7742b67219b8) C:\windows\system32\DRIVERS\yk62x86.sys
22:50:16.0102 4592   yukonw7 - ok
22:50:16.0133 4592   MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:50:16.0149 4592   \Device\Harddisk0\DR0 - ok
22:50:16.0523 4592   MBR (0x1B8)    (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR1
22:50:16.0523 4592   \Device\Harddisk1\DR1 - ok
22:50:16.0539 4592   Boot (0x1200) (3276b8a37f3af219be04984c9cd9fac0) \Device\Harddisk0\DR0\Partition0
22:50:16.0539 4592   \Device\Harddisk0\DR0\Partition0 - ok
22:50:16.0570 4592   Boot (0x1200) (415ccd2fd1a9e5956a1605571fc6dfc8) \Device\Harddisk0\DR0\Partition1
22:50:16.0570 4592   \Device\Harddisk0\DR0\Partition1 - ok
22:50:16.0601 4592   Boot (0x1200) (df16f3dc6a9990d1217d1e116db010d4) \Device\Harddisk0\DR0\Partition2
22:50:16.0601 4592   \Device\Harddisk0\DR0\Partition2 - ok
22:50:16.0617 4592   Boot (0x1200) (e4d68c2af40868b44fb4cf8339b46650) \Device\Harddisk0\DR0\Partition3
22:50:16.0617 4592   \Device\Harddisk0\DR0\Partition3 - ok
22:50:16.0633 4592   Boot (0x1200) (c9085989bcb11cf0029bcced9263d114) \Device\Harddisk1\DR1\Partition0
22:50:16.0633 4592   \Device\Harddisk1\DR1\Partition0 - ok
22:50:16.0633 4592   ============================================================
22:50:16.0633 4592   Scan finished
22:50:16.0633 4592   ============================================================
22:50:16.0648 1572   Detected object count: 1
22:50:16.0648 1572   Actual detected object count: 1
22:50:24.0245 1572   Backup copy found, using it..
22:50:24.0308 1572   C:\windows\system32\Drivers\avgtdix.sys - will be cured on reboot
22:50:26.0351 1572   AvgTdiX ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
22:50:31.0421 6132   Deinitialize success

The CPU & Memory usage is still fluctuating and keep going up to a 100% with no programs running.

Thanks!
Saurabh

Title: Very Slow Laptop
Post by: guestolo on December 04, 2011, 02:17:08 PM

Can you delete your copy of ComboFix from desktop, we're going to redownload it, to ensure you have the latest copy

Download ComboFix from the following location:
[color="#0000FF"]Click HERE[/color] (http://"http://download.bleepingcomputer.com/sUBs/ComboFix.exe")

VERY IMPORTANT !!! [color="#FF0000"]Save ComboFix.exe to your Desktop[/color]

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)

When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Title: Very Slow Laptop
Post by: Saurabh77 on December 06, 2011, 11:08:37 AM

Hi,

Here is the log from the new combofix:

ComboFix 11-12-06.01 - saurabh 12/06/2011 19:44:28.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1789.759 [GMT 4:00]
Running from: c:\users\saurabh\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB24718$
c:\windows\$NtUninstallKB24718$\2665873003\@
c:\windows\$NtUninstallKB24718$\2665873003\bckfg.tmp
c:\windows\$NtUninstallKB24718$\2665873003\cfg.ini
c:\windows\$NtUninstallKB24718$\2665873003\Desktop.ini
c:\windows\$NtUninstallKB24718$\2665873003\kwrd.dll
c:\windows\$NtUninstallKB24718$\2665873003\L\xadqgnnk
c:\windows\$NtUninstallKB24718$\2665873003\U\00000001.@
c:\windows\$NtUninstallKB24718$\2665873003\U\00000002.@
c:\windows\$NtUninstallKB24718$\2665873003\U\00000004.@
c:\windows\$NtUninstallKB24718$\2665873003\U\80000000.@
c:\windows\$NtUninstallKB24718$\2665873003\U\80000004.@
c:\windows\$NtUninstallKB24718$\2665873003\U\80000032.@
c:\windows\$NtUninstallKB24718$\4091838301
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_svclocks
.
.
((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
.
.
2011-12-06 15:54 . 2011-12-06 15:56   --------   d-----w-   c:\users\saurabh\AppData\Local\temp
2011-12-06 15:54 . 2011-12-06 15:54   --------   d-----w-   c:\users\sdhall\AppData\Local\temp
2011-12-06 15:54 . 2011-12-06 15:54   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-12-06 15:40 . 2009-07-13 23:11   80896   ----a-w-   c:\windows\system32\drivers\i8042prt.sys
2011-12-04 18:39 . 2011-12-04 18:39   --------   d-----w-   c:\program files\Common Files\Java
2011-12-04 18:38 . 2011-12-04 18:38   476904   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-04 12:06 . 2011-12-04 12:06   88064   ----a-w-   c:\windows\system32\drivers\svclocks.exe
2011-11-28 15:58 . 2011-11-28 16:00   --------   d-----w-   c:\programdata\AVG Secure Search
2011-11-28 15:57 . 2011-11-28 15:58   --------   d-----w-   c:\program files\Common Files\AVG Secure Search
2011-11-28 15:57 . 2011-11-28 16:00   --------   d-----w-   c:\program files\AVG Secure Search
2011-11-21 17:11 . 2009-09-23 12:48   431936   ----a-w-   c:\windows\system\msvcp100.dll
2011-11-21 17:07 . 2011-12-04 18:40   --------   d-----w-   c:\program files\Angry Birds Rio
2011-11-19 13:34 . 2011-11-19 13:34   --------   d-----w-   c:\users\saurabh\AppData\Local\MPlayer
2011-11-16 21:31 . 2011-11-16 21:31   --------   d-----w-   c:\program files\Vector Magic
2011-11-12 12:19 . 2011-11-12 12:19   --------   d-----w-   c:\windows\system32\SPReview
2011-11-12 12:17 . 2011-11-12 12:17   --------   d-----w-   c:\windows\system32\EventProviders
2011-11-09 09:36 . 2011-09-29 15:43   1285488   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:36 . 2011-10-01 04:43   708608   ----a-w-   c:\program files\Common Files\System\wab32.dll
2011-11-09 09:36 . 2011-09-29 04:20   2339840   ----a-w-   c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 18:51 . 2010-06-14 11:14   243152   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2011-12-04 18:38 . 2010-08-26 10:23   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-12-04 11:56 . 2011-06-28 17:09   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 02:59 . 2011-10-12 07:28   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2011-09-13 05:24 . 2010-06-14 11:14   29712   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-02-22 13:30 . 2010-02-22 13:30   184320   ----a-w-   c:\program files\SecSNMP.dll
2009-02-19 12:07 . 2009-02-19 12:07   757760   ----a-w-   c:\program files\Ssres.dll
2011-11-12 17:52 . 2011-03-22 17:08   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-28 15:57   1547104   ----a-w-   c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-11-28 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"Lexar_Echo_Backup_Manager.exe"="c:\users\saurabh\AppData\Roaming\Lexar\Lexar_Echo_Backup_Manager.exe" [2010-03-23 37438648]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"Starfield Updater"="c:\users\saurabh\AppData\Local\Workspace\workspaceupdate.exe" [2011-09-12 34496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-25 2078048]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-28 827232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^sdhall^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BSEGadget.lnk]
path=c:\users\sdhall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BSEGadget.lnk
backup=c:\windows\pss\BSEGadget.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KITCO]
c:\program files\Kitco\Kcast\Kcast [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-06-18 16:07   563736   ----a-w-   c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-07-27 22:49   288312   ----a-w-   c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-08-04 19:09   98304   ----a-w-   c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 18:04   498744   ----a-w-   c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-12-02 8576]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-03-16 132464]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-16 1343400]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-12-04 243152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2011-09-20 1185008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-11-28 855904]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 09:09]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 09:09]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1762653480-1981093567-457604102-1001Core1cc93d9f8d319a6.job
- c:\users\saurabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-11 22:19]
.
2010-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1762653480-1981093567-457604102-1001UA.job
- c:\users\saurabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-11 22:19]
.
2010-11-20 c:\windows\Tasks\HPCeeScheduleForsaurabh.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 00:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bloomberg.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AE&c=92&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B6A7509D-C3E6-441C-94EF-0154765429B5}: NameServer = 8.8.8.8,8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bloomberg.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
SafeBoot-66595388.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1762653480-1981093567-457604102-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,*h*,%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5272)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-12-06 20:00:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-06 16:00
ComboFix2.txt 2011-11-30 18:00
.
Pre-Run: 13,094,629,376 bytes free
Post-Run: 13,054,963,712 bytes free
.
- - End Of File - - 43CC60F595A6EF94BB876370AAE62A61

Thanks!
Saurabh

Title: Very Slow Laptop
Post by: guestolo on December 06, 2011, 09:59:37 PM

Can you run tdsskiller again, let me know if it comes clean
In addition, reopen OTL.exe and run a New scan and post the log that opens

Keep me informed how things are running please

Title: Very Slow Laptop
Post by: Saurabh77 on December 07, 2011, 11:59:15 AM

Hi,

TDSKiller scan came up clean, no infections found. Laptop is still consuming over 60% memory and 50% CPU usage with nothing running! The fan is also almost constantly on. Here are the OTL and Extras Logs:

OTL logfile created on: 12/7/2011 8:49:02 PM - Run 7
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\saurabh\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 46.14% Memory free
3.49 Gb Paging File | 2.28 Gb Available in Paging File | 65.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 12.21 Gb Free Space | 9.27% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.73% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 11.15 Gb Free Space | 2.39% Space Free | Partition Type: NTFS

Computer Name: SAURABH | User Name: saurabh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/29 13:41:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\saurabh\Desktop\OTL.exe
PRC - [2011/11/28 19:58:15 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/10/25 09:13:49 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/09/20 15:30:46 | 001,185,008 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Workspace\offSyncService.exe
PRC - [2011/09/12 21:34:47 | 000,034,496 | ---- | M] () -- C:\Users\saurabh\AppData\Local\Workspace\workspaceupdate.exe
PRC - [2011/07/16 08:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/29 12:43:11 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/02/26 09:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/25 12:26:13 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/16 14:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/09/24 13:15:57 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 14:45:40 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 14:45:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 14:44:55 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/11 10:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/07/30 16:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/30 16:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/14 05:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/12 21:34:47 | 000,034,496 | ---- | M] () -- C:\Users\saurabh\AppData\Local\Workspace\workspaceupdate.exe
MOD - [2010/02/10 18:10:10 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/30 16:49:52 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 19:58:15 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 17:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/09/20 15:30:46 | 001,185,008 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/07/16 14:45:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/16 17:34:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/16 17:01:22 | 000,132,464 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2009/08/04 10:51:00 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/27 19:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 05:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 05:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 05:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009/06/18 20:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 22:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/03/03 01:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2011/12/04 22:51:19 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/09/13 09:24:58 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/12/02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/12/02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/12/02 10:36:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/07/26 12:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/07/16 14:44:57 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/04 11:25:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/27 19:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 13:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 03:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 03:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 03:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 03:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/02 10:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/05/16 05:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/04 22:30:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/04/29 19:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AE&c=92&bd=all&pf=cmnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bloomberg.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bloomberg.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\saurabh\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\saurabh\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\saurabh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\saurabh\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 09:29:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/20 23:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/11/28 20:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 21:52:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/04 22:43:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/01/24 00:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Extensions
[2011/12/07 20:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions
[2011/12/07 20:38:14 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/07 20:38:15 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/26 06:03:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\bq9dble8.default\extensions\[email protected]
[2011/12/04 22:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/04 22:38:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/12 21:35:09 | 000,000,000 | ---D | M] (WBE Paste) -- C:\USERS\SAURABH\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\WBEPASTE@STARFIELD
[2011/09/12 21:35:10 | 000,000,000 | ---D | M] (Web-Based Email Zoom) -- C:\USERS\SAURABH\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\ZOOMEXT@STARFIELD
() (No name found) -- C:\USERS\SAURABH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9DBLE8.DEFAULT\EXTENSIONS\[email protected]
[2011/11/12 21:52:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/04 22:38:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/24 09:28:38 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/11/28 19:57:34 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/08 10:53:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 21:52:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Online File Folder plugin 1.0.22.28 (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Web-Based Email plug-in 1.0.15.15 (Enabled) = C:\Users\saurabh\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\saurabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Poppit = C:\Users\saurabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/12/06 19:55:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Lexar_Echo_Backup_Manager.exe] C:\Users\saurabh\AppData\Roaming\Lexar\Lexar_Echo_Backup_Manager.exe (Dmailer S.A.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Starfield Updater] C:\Users\saurabh\AppData\Local\Workspace\workspaceupdate.exe ()
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5239399A-DACC-42C7-A679-A9519526D59B}: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6A7509D-C3E6-441C-94EF-0154765429B5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6A7509D-C3E6-441C-94EF-0154765429B5}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/30 12:27:04 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/02/15 01:54:30 | 000,000,000 | ---D | M] - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 20:00:47 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/12/06 19:55:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/06 19:54:03 | 000,000,000 | ---D | C] -- C:\Users\saurabh\AppData\Local\temp
[2011/12/06 19:33:43 | 004,328,480 | R--- | C] (Swearware) -- C:\Users\saurabh\Desktop\ComboFix.exe
[2011/12/04 22:49:05 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\saurabh\Desktop\TDSSKiller.exe
[2011/12/04 22:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/04 22:38:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/12/04 22:38:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/12/04 22:38:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/12/04 22:28:39 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Users\saurabh\Desktop\MCPR.exe
[2011/12/04 16:06:45 | 000,088,064 | ---- | C] (Lenovo Corporation) -- C:\windows\System32\drivers\svclocks.exe
[2011/11/30 21:22:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/11/30 21:22:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/11/30 21:22:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/11/30 21:22:33 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/11/30 21:19:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/29 13:41:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\saurabh\Desktop\OTL.exe
[2011/11/28 19:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/11/28 19:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/11/28 19:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/11/21 21:11:31 | 000,431,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System\msvcp100.dll
[2011/11/21 21:07:56 | 000,000,000 | ---D | C] -- C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Angry Birds Rio
[2011/11/21 21:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Angry Birds Rio
[2011/11/19 18:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2011/11/19 17:34:15 | 000,000,000 | ---D | C] -- C:\Users\saurabh\AppData\Local\MPlayer
[2011/11/17 01:31:29 | 000,000,000 | ---D | C] -- C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vector Magic
[2011/11/17 01:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Vector Magic
[2011/11/13 17:51:06 | 000,000,000 | ---D | C] -- C:\Users\saurabh\Desktop\2011-11-13
[2011/11/12 16:19:22 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/11/12 16:17:50 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/11/09 13:36:23 | 002,339,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/01/23 23:03:14 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/01/23 23:03:12 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/12/07 20:49:07 | 000,000,000 | ---- | M] () -- C:\Users\saurabh\AppData\Local\prvlcl.dat
[2011/12/07 20:38:45 | 001,557,928 | ---- | M] () -- C:\Users\saurabh\Desktop\tdsskiller.zip
[2011/12/07 20:32:10 | 090,050,466 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2011/12/07 20:28:05 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/07 20:27:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/07 13:22:02 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\saurabh\Desktop\TDSSKiller.exe
[2011/12/07 00:10:45 | 000,132,503 | ---- | M] () -- C:\Users\saurabh\median-earnings-on-wall-street-by-race-and-gender.jpg
[2011/12/06 20:04:35 | 000,019,184 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 20:04:35 | 000,019,184 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 19:55:40 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/12/06 19:55:22 | 1406,820,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/06 19:34:03 | 004,328,480 | R--- | M] (Swearware) -- C:\Users\saurabh\Desktop\ComboFix.exe
[2011/12/05 15:37:27 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/12/05 15:37:27 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/12/04 22:51:19 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2011/12/04 22:38:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/12/04 22:38:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/12/04 22:38:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/12/04 22:38:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2011/12/04 22:28:46 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Users\saurabh\Desktop\MCPR.exe
[2011/12/04 17:38:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/04 17:38:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/04 16:07:44 | 000,000,512 | ---- | M] () -- C:\windows\unlss.ini
[2011/12/04 16:06:45 | 000,088,064 | ---- | M] (Lenovo Corporation) -- C:\windows\System32\drivers\svclocks.exe
[2011/12/04 16:01:28 | 146,612,224 | ---- | M] () -- C:\Users\saurabh\Desktop\When NO does not mean no.MOD
[2011/12/04 15:56:51 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/12/01 21:04:52 | 000,879,649 | ---- | M] () -- C:\Users\saurabh\Desktop\SecurityCheck.exe
[2011/11/29 13:41:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\saurabh\Desktop\OTL.exe
[2011/11/29 13:30:53 | 000,567,077 | ---- | M] () -- C:\Users\saurabh\Desktop\My lil sunflower.jpg
[2011/11/24 10:19:10 | 093,737,139 | ---- | M] () -- C:\Users\saurabh\Desktop\Car-seat mayhem 2.mp4
[2011/11/24 10:08:30 | 104,549,803 | ---- | M] () -- C:\Users\saurabh\Desktop\Car-seat mayhem 1.mp4
[2011/11/23 23:29:47 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2011/11/21 21:16:33 | 000,002,017 | ---- | M] () -- C:\Users\saurabh\Application Data\Microsoft\Internet Explorer\Quick Launch\Angry Birds All Download Free.lnk
[2011/11/21 21:16:33 | 000,001,993 | ---- | M] () -- C:\Users\saurabh\Angry Birds All Download Free.lnk
[2011/11/21 21:16:33 | 000,001,929 | ---- | M] () -- C:\Users\saurabh\Angry Birds Rio 2012.lnk
[2011/11/17 01:31:31 | 000,000,993 | ---- | M] () -- C:\Users\saurabh\Application Data\Microsoft\Internet Explorer\Quick Launch\Vector Magic.lnk
[2011/11/17 01:31:31 | 000,000,969 | ---- | M] () -- C:\Users\saurabh\Desktop\Vector Magic.lnk
[2011/11/16 21:52:47 | 000,012,632 | ---- | M] () -- C:\Users\saurabh\Desktop\Emirates Airlines Application.pdf
[2011/11/12 21:53:30 | 000,001,994 | ---- | M] () -- C:\Users\saurabh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/11 20:37:52 | 000,049,799 | ---- | M] () -- C:\Users\saurabh\Desktop\Updated Resume.pdf
[2011/11/10 18:54:08 | 002,072,265 | ---- | M] () -- C:\Users\saurabh\Desktop\DSCN4445.JPG
[2011/11/10 03:29:32 | 000,591,552 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/12/07 20:38:27 | 001,557,928 | ---- | C] () -- C:\Users\saurabh\Desktop\tdsskiller.zip
[2011/12/07 00:10:28 | 000,132,503 | ---- | C] () -- C:\Users\saurabh\median-earnings-on-wall-street-by-race-and-gender.jpg
[2011/12/04 17:38:11 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/04 17:38:11 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/04 16:14:02 | 146,612,224 | ---- | C] () -- C:\Users\saurabh\Desktop\When NO does not mean no.MOD
[2011/12/04 16:07:44 | 000,000,512 | ---- | C] () -- C:\windows\unlss.ini
[2011/12/01 21:04:48 | 000,879,649 | ---- | C] () -- C:\Users\saurabh\Desktop\SecurityCheck.exe
[2011/11/30 21:22:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/11/30 21:22:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/11/30 21:22:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/11/30 21:22:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/11/30 21:22:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/11/29 13:30:50 | 000,567,077 | ---- | C] () -- C:\Users\saurabh\Desktop\My lil sunflower.jpg
[2011/11/24 19:23:55 | 093,737,139 | ---- | C] () -- C:\Users\saurabh\Desktop\Car-seat mayhem 2.mp4
[2011/11/24 19:23:52 | 104,549,803 | ---- | C] () -- C:\Users\saurabh\Desktop\Car-seat mayhem 1.mp4
[2011/11/21 21:07:56 | 000,002,023 | ---- | C] () -- C:\Users\saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Angry Birds All Download Free.lnk
[2011/11/21 21:07:56 | 000,002,017 | ---- | C] () -- C:\Users\saurabh\Application Data\Microsoft\Internet Explorer\Quick Launch\Angry Birds All Download Free.lnk
[2011/11/21 21:07:56 | 000,001,993 | ---- | C] () -- C:\Users\saurabh\Angry Birds All Download Free.lnk
[2011/11/21 21:07:56 | 000,001,929 | ---- | C] () -- C:\Users\saurabh\Angry Birds Rio 2012.lnk
[2011/11/19 18:29:38 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2011/11/17 01:31:31 | 000,000,993 | ---- | C] () -- C:\Users\saurabh\Application Data\Microsoft\Internet Explorer\Quick Launch\Vector Magic.lnk
[2011/11/17 01:31:31 | 000,000,969 | ---- | C] () -- C:\Users\saurabh\Desktop\Vector Magic.lnk
[2011/11/16 21:52:45 | 000,012,632 | ---- | C] () -- C:\Users\saurabh\Desktop\Emirates Airlines Application.pdf
[2011/11/10 19:06:47 | 001,121,173 | ---- | C] () -- C:\Users\saurabh\Desktop\DSCN1616.JPG
[2011/11/10 18:53:28 | 002,072,265 | ---- | C] () -- C:\Users\saurabh\Desktop\DSCN4445.JPG
[2011/05/27 10:10:21 | 000,009,554 | -HS- | C] () -- C:\ProgramData\232r7u660p253f31dil511257hxrt
[2011/05/27 10:10:20 | 000,009,554 | -HS- | C] () -- C:\Users\saurabh\AppData\Local\232r7u660p253f31dil511257hxrt
[2011/05/21 08:18:00 | 000,010,128 | -HS- | C] () -- C:\Users\saurabh\AppData\Local\747073s32x2s4it14g
[2011/05/21 08:18:00 | 000,010,128 | -HS- | C] () -- C:\ProgramData\747073s32x2s4it14g
[2011/04/03 16:37:21 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2011/04/03 16:30:33 | 000,260,464 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/04/03 16:30:32 | 000,282,624 | ---- | C] () -- C:\windows\System32\DscPnt.dll
[2011/04/03 16:30:32 | 000,026,624 | ---- | C] () -- C:\windows\System32\spd__l.dll
[2011/01/20 10:59:30 | 000,000,000 | ---- | C] () -- C:\Users\saurabh\AppData\Local\prvlcl.dat
[2010/09/19 11:27:10 | 000,129,024 | ---- | C] () -- C:\windows\System32\AVERM.dll
[2010/09/19 11:27:10 | 000,028,672 | ---- | C] () -- C:\windows\System32\AVEQT.dll
[2010/08/27 18:18:25 | 000,007,667 | ---- | C] () -- C:\Users\saurabh\AppData\Local\Resmon.ResmonCfg
[2010/08/15 22:39:22 | 000,000,031 | ---- | C] () -- C:\Users\saurabh\AppData\Roaming\Days5.ini
[2010/03/19 13:42:02 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2010/03/16 16:04:54 | 000,013,396 | ---- | C] () -- C:\Program Files\Setup.dat
[2010/02/22 17:30:04 | 000,184,320 | ---- | C] () -- C:\Program Files\SecSNMP.dll
[2010/02/02 13:38:43 | 000,000,323 | ---- | C] () -- C:\windows\System32\GENAgencyDetails.dat
[2010/02/02 13:38:31 | 000,003,156 | ---- | C] () -- C:\windows\System32\GENSystemInformation.ini
[2010/02/01 16:31:19 | 000,053,248 | ---- | C] () -- C:\windows\System32\zlib.dll
[2010/01/24 15:19:20 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/01/24 14:44:45 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/23 23:08:04 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2010/01/23 23:03:13 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/01/23 23:03:13 | 000,027,184 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/01/23 23:03:13 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/01/23 23:03:12 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009/10/26 03:45:00 | 000,022,723 | ---- | C] () -- C:\windows\System32\sx450sl3.dll
[2009/10/26 03:44:50 | 000,270,336 | ---- | C] () -- C:\windows\System32\SaMinDrv.dll
[2009/10/26 03:44:50 | 000,106,496 | ---- | C] () -- C:\windows\System32\SaImgFlt.dll
[2009/10/26 03:44:50 | 000,090,112 | ---- | C] () -- C:\windows\System32\SaSegFlt.dll
[2009/10/26 03:44:50 | 000,061,440 | ---- | C] () -- C:\windows\System32\SaErHdlr.dll
[2009/09/06 21:53:29 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/16 04:50:42 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/07/14 08:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 08:33:53 | 000,591,552 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 06:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 06:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 06:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 06:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 06:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 06:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 04:19:49 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2009/07/14 03:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 03:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 03:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 02:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 02:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 02:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 02:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/18 14:29:00 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/06/11 01:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/02/19 16:07:38 | 000,757,760 | ---- | C] () -- C:\Program Files\Ssres.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

< End of report >

OTL Extras logfile created on: 12/7/2011 8:49:02 PM - Run 7
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\saurabh\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 46.14% Memory free
3.49 Gb Paging File | 2.28 Gb Available in Paging File | 65.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 12.21 Gb Free Space | 9.27% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.73% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 11.15 Gb Free Space | 2.39% Space Free | Partition Type: NTFS

Computer Name: SAURABH | User Name: saurabh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"Apple Inc." = C:\windows\system32\config\systemprofile\AppData\Roaming\Apple Inc..exe:*:Apple Inc.
"svclocks" = C:\windows\system32\drivers\svclocks.exe:*:svclocks -- (Lenovo Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{247B9DE4-605C-4CAE-8DFB-4A071290FB1C}" = Aviva SQS
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{32DEA40A-44B0-436D-857D-B770FA710A63}" = Illustration System
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35746344-F2E0-4091-B487-25929B765E0C}_is1" = FPI Illustrations 7.4.4
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{499FE018-C367-4B1F-A1DE-D6CA7987059A}_is1" = BSE Mkt Watch 1.0.0.9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{511376F5-7E5A-4EC9-B603-193B1D425BC3}" = HP ESU for Microsoft Windows 7
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light
"{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian
"{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AC1E059-AFFD-4B7C-8E53-76F542BBAB2E}" = Royal London 360 Illustrations
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish
"{7E305D12-32F9-41BC-80A3-FFA3E2782803}" = WPS Salary
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional
"{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish
"{816F5E94-B7FE-43EF-B4E6-F22D40A4AFCC}" = HP User Guides 0133
"{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New
"{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113B21A-0EEE-4464-882E-649EE9FE0D7C}" = Aviva SQS
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch
"{C3D20442-ED4E-48E2-9D0A-EFC2BCE0641B}" = Royal Skandia Offshore Quotes
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish
"{DB379FE9-D935-42E2-BDB1-8E7D827799EA}" = Generali NBQ
"{DE88C1E0-E5D5-4C30-B60E-1D092C160465}" = Formtec Design Pro 6
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech
"{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{FA8A6F42-A185-4455-A762-47FD081DEC54}" = Illustration System
"4Videosoft MKV Video Converter_is1" = 4Videosoft MKV Video Converter
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DWG TrueView 2011" = DWG TrueView 2011
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"Express" = Express Dictate
"Foxit Creator" =

Title: Very Slow Laptop
Post by: Saurabh77 on December 07, 2011, 12:09:47 PM

One more thing - yesterday after I started running Combofix, initially it said there was some sort of Rootkit infection which could be causing problems connecting to internet and that this was difficult infection to clear and asked to reboot. I did the same after which combofix continued and produced the log which has been posted above.

Thanks!
Saurabh

Title: Very Slow Laptop
Post by: guestolo on December 07, 2011, 10:06:17 PM

Copy ALL the below in the Code box and paste to an empty notepad file
Don't use anything else than notepad or the script will not work
To open Notepad you can go to Start>Programs>> Accessories, and then clicking Notepad.

Code: [Select]

Driver::
mfetdik
File::
c:\windows\system32\drivers\svclocks.exe
Folder::
C:\ProgramData\232r7u660p253f31dil511257hxrt
C:\Users\saurabh\AppData\Local\232r7u660p253f31dil511257hxrt
C:\Users\saurabh\AppData\Local\747073s32x2s4it14g
C:\ProgramData\747073s32x2s4it14g
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KITCO]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"svclocks"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"=-

Save this as txtfile on your desktop, with the exact name of
CFScript

(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
When finished, it shall produce a log for you with the same name C:\ComboFix.txt..
I'll need to see that log again
Of course, keep me informed how things are now running

Title: Very Slow Laptop
Post by: Saurabh77 on December 08, 2011, 06:19:49 PM

Hi,

While running combofix the laptop restarted to install a service pack! The pack did not successfully install, should I save the code again and re-run combofix?

Thanks!
Saurabh

Title: Very Slow Laptop
Post by: guestolo on December 08, 2011, 10:38:12 PM

If it's service pack for vista, go ahead and install it
Reboot when required
Keep me informed how things are then running

Title: Very Slow Laptop
Post by: Saurabh77 on December 11, 2011, 08:41:47 AM

Hi,

I tried to install the service pack but installation failed for some reason. Laptop is definitely better but still acts up at times. Thank you for all your help!

Saurabh

Title: Very Slow Laptop
Post by: guestolo on December 11, 2011, 11:14:53 AM

Are you properly disabling AVG during the running of ComboFix
Can you ensure that you do these instructions:
Open AVG User Interface.
Double-click on the Resident Shield.
Un-tick the option Resident Shield active.
Save the changes.

Then continue with the following:
Copy ALL the below in the Code box and paste to an empty notepad file
Don't use anything else than notepad or the script will not work
To open Notepad yo

Code: [Select]

Driver::
mfetdik
File::
c:\windows\system32\drivers\svclocks.exe
Folder::
C:\ProgramData\232r7u660p253f31dil511257hxrt
C:\Users\saurabh\AppData\Local\232r7u660p253f31dil511257hxrt
C:\Users\saurabh\AppData\Local\747073s32x2s4it14g
C:\ProgramData\747073s32x2s4it14g
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KITCO]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"svclocks"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"=-

Title: Very Slow Laptop
Post by: Saurabh77 on December 16, 2011, 11:05:02 AM

Hi,

Sorry for the delay in replying. Below is the combofix log. I do disable the resident shield but combofix still says AVG is running.

ComboFix 11-12-16.01 - saurabh 12/16/2011 19:12:53.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1789.1041 [GMT 4:00]
Running from: c:\users\saurabh\Desktop\ComboFix.exe
Command switches used :: c:\users\saurabh\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\svclocks.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\saurabh\AppData\Local\temp\jna4502574511623097993.dll
.
---- Previous Run -------
.
c:\windows\system32\drivers\svclocks.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MFETDIK
-------\Service_mfetdik
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-14 01:08 . 2011-11-24 04:23   2340352   ----a-w-   c:\windows\system32\win32k.sys
2011-12-14 01:08 . 2011-11-05 04:30   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-12-14 01:08 . 2011-10-15 05:48   534528   ----a-w-   c:\windows\system32\EncDec.dll
2011-12-14 01:08 . 2011-10-26 04:25   38912   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-14 01:08 . 2011-10-26 04:42   3901808   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-12-14 01:08 . 2011-10-26 04:42   3957104   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-12-08 05:44 . 2011-12-08 05:44   --------   d-----w-   c:\windows\system32\SPReview
2011-12-06 15:54 . 2011-12-16 15:30   --------   d-----w-   c:\users\saurabh\AppData\Local\temp
2011-12-06 15:40 . 2009-07-13 23:11   80896   ----a-w-   c:\windows\system32\drivers\i8042prt.sys
2011-12-04 18:39 . 2011-12-04 18:39   --------   d-----w-   c:\program files\Common Files\Java
2011-12-04 18:38 . 2011-12-04 18:38   476904   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-28 15:58 . 2011-11-28 16:00   --------   d-----w-   c:\programdata\AVG Secure Search
2011-11-28 15:57 . 2011-11-28 15:58   --------   d-----w-   c:\program files\Common Files\AVG Secure Search
2011-11-28 15:57 . 2011-11-28 16:00   --------   d-----w-   c:\program files\AVG Secure Search
2011-11-21 17:11 . 2009-09-23 12:48   431936   ----a-w-   c:\windows\system\msvcp100.dll
2011-11-21 17:07 . 2011-12-04 18:40   --------   d-----w-   c:\program files\Angry Birds Rio
2011-11-19 13:34 . 2011-11-19 13:34   --------   d-----w-   c:\users\saurabh\AppData\Local\MPlayer
2011-11-16 21:31 . 2011-11-16 21:31   --------   d-----w-   c:\program files\Vector Magic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 18:51 . 2010-06-14 11:14   243152   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2011-12-04 18:38 . 2010-08-26 10:23   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-12-04 11:56 . 2011-06-28 17:09   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 15:43 . 2011-11-09 09:36   1285488   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2010-02-22 13:30 . 2010-02-22 13:30   184320   ----a-w-   c:\program files\SecSNMP.dll
2009-02-19 12:07 . 2009-02-19 12:07   757760   ----a-w-   c:\program files\Ssres.dll
2011-11-12 17:52 . 2011-03-22 17:08   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-30_17.43.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-07 11:58 . 2011-12-07 11:58   86528     c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_9.4.8112.16421_none_3411bc8ed442d7a8\iesysprep.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   78848     c:\windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_9.4.8112.16421_none_b1befe64620e9eb3\inseng.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   74752     c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_9.4.8112.16421_none_de5057e278bf9ae3\iesetup.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   31744     c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_9.4.8112.16421_none_de5057e278bf9ae3\iernonce.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   74240     c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_9.4.8112.16421_none_de5057e278bf9ae3\ie4uinit.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   83456     c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_9.4.8112.16421_none_05f58d6b02d23b61\PDMSetup.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   49664     c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_9.4.8112.16421_none_23273f2d4ba58c6b\JSProfilerCore.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   66048     c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_9.4.8112.16421_none_731b22247e84589a\icardie.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   22016     c:\windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_9.4.8112.16421_none_467d635eddcbe7c3\ExtExport.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   35840     c:\windows\winsxs\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_9.4.8112.16421_none_56746b920d54cd22\imgutil.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   48640     c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_9.4.8112.16421_none_0bed293ed46cedb6\mshtmler.dll
+ 2011-12-14 23:06 . 2011-11-03 23:01   72704     c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20544_none_611f89f676d63a1a\mshtmled.dll
+ 2011-12-14 23:06 . 2011-11-03 22:32   72704     c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16440_none_6091ec035dbc34f4\mshtmled.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   72704     c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16437_none_60a3bdf55dadca64\mshtmled.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   11776     c:\windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_9.4.8112.16421_none_71d991ff23a3e055\mshta.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   74752     c:\windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_9.4.8112.16421_none_406878db3e15ac14\RegisterIEPKEYs.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   10752     c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_9.4.8112.16421_none_14cd91c7f508553a\msfeedssync.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   41472     c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_9.4.8112.16421_none_14cd91c7f508553a\msfeedsbs.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   23552     c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_9.4.8112.16421_none_e260faa86a390a42\licmgr10.dll
+ 2011-12-14 23:06 . 2011-11-03 23:05   66048     c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_1adf940cd544870c\WininetPlugin.dll
+ 2011-12-14 23:06 . 2011-11-03 23:04   65024     c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_1adf940cd544870c\jsproxy.dll
+ 2011-12-14 23:06 . 2011-11-03 22:37   66048     c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\WininetPlugin.dll
+ 2011-12-14 23:06 . 2011-11-03 22:37   65024     c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\jsproxy.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   66048     c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_1a63c80bbc1c1756\WininetPlugin.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   65024     c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_1a63c80bbc1c1756\jsproxy.dll
+ 2011-06-21 14:13 . 2010-11-20 12:17   40448     c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.21855_none_17ae219281114d21\tzupd.exe
+ 2011-08-24 05:16 . 2011-07-09 04:32   40448     c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.17720_none_173ff31967dfdad1\tzupd.exe
+ 2011-12-14 01:08 . 2011-11-05 04:31   40448     c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.21085_none_15a72b0484036b23\tzupd.exe
+ 2011-08-24 05:16 . 2011-07-09 04:33   40448     c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.16912_none_156666936aaf85a2\tzupd.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   97280     c:\windows\winsxs\x86_microsoft-windows-i..eoptionalcomponents_31bf3856ad364e35_9.4.8112.16421_none_1a39851f718708ff\ConfigureIEOptionalComponents.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   54272     c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_9.4.8112.16421_none_064611e72dafc564\pngfilt.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   76800     c:\windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_9.4.8112.16421_none_20f6a468db4fac99\SetIEInstalledDate.exe
+ 2011-12-14 01:08 . 2011-10-26 06:13   38912     c:\windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.21847_none_cbfad2a21cd2f4c4\csrsrv.dll
+ 2011-12-14 01:08 . 2011-10-26 04:28   38912     c:\windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7601.17713_none_cb8da47303a09bcb\csrsrv.dll
+ 2011-12-14 01:08 . 2011-10-26 04:29   38912     c:\windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7600.21077_none_c9f3dc141fc512c6\csrsrv.dll
+ 2011-12-14 01:08 . 2011-10-26 04:25   38912     c:\windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.1.7600.16905_none_c9b417ed0670469c\csrsrv.dll
+ 2009-09-06 18:02 . 2011-12-10 07:27   46088     c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-12-16 15:30   64886     c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-23 20:08 . 2011-12-16 15:30   13662     c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1762653480-1981093567-457604102-1001_UserData.bin
+ 2011-12-07 11:58 . 2011-12-07 11:58   76800     c:\windows\System32\SetIEInstalledDate.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   74752     c:\windows\System32\RegisterIEPKEYs.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   54272     c:\windows\System32\pngfilt.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   48640     c:\windows\System32\mshtmler.dll
+ 2011-12-14 23:06 . 2011-11-03 22:32   72704     c:\windows\System32\mshtmled.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   11776     c:\windows\System32\mshta.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   10752     c:\windows\System32\msfeedssync.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   41472     c:\windows\System32\msfeedsbs.dll
+ 2011-12-14 23:06 . 2011-11-03 22:37   66048     c:\windows\System32\migration\WininetPlugin.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   23552     c:\windows\System32\licmgr10.dll
+ 2011-12-14 23:06 . 2011-11-03 22:37   65024     c:\windows\System32\jsproxy.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   78848     c:\windows\System32\inseng.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   35840     c:\windows\System32\imgutil.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   86528     c:\windows\System32\iesysprep.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   74752     c:\windows\System32\iesetup.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   31744     c:\windows\System32\iernonce.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   74240     c:\windows\System32\ie4uinit.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   66048     c:\windows\System32\icardie.dll
+ 2009-07-14 04:50 . 2011-12-08 22:59   86016     c:\windows\System32\DriverStore\infpub.dat
- 2009-07-14 04:50 . 2011-11-29 19:59   86016     c:\windows\System32\DriverStore\infpub.dat
+ 2011-06-21 14:12 . 2010-11-20 09:14   47616     c:\windows\System32\DriverStore\FileRepository\wvmic.inf_x86_neutral_b94eb92e8150fa35\vmictimeprovider.dll
+ 2011-06-21 14:13 . 2010-11-20 12:03   53760     c:\windows\System32\DriverStore\FileRepository\wvmic.inf_x86_neutral_b94eb92e8150fa35\vmicres.dll
+ 2011-06-21 14:12 . 2010-11-20 09:14   19456     c:\windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_x86_neutral_1b297af3587246aa\VMBusVideoM.sys
+ 2011-06-21 14:12 . 2010-11-20 09:14   19328     c:\windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_x86_neutral_1b297af3587246aa\VMBusVideoD.dll
+ 2011-06-21 14:12 . 2010-11-20 09:14   17920     c:\windows\System32\DriverStore\FileRepository\wvmbushid.inf_x86_neutral_337ff5bbc81c06e8\VMBusHID.sys
+ 2011-06-21 14:13 . 2010-11-20 12:29   43392     c:\windows\System32\DriverStore\FileRepository\wvmbus.inf_x86_neutral_fca91999602b0343\winhv.sys
+ 2011-06-21 14:13 . 2010-11-20 12:03   44544     c:\windows\System32\DriverStore\FileRepository\wvmbus.inf_x86_neutral_fca91999602b0343\vmbusres.dll
+ 2011-06-21 14:12 . 2010-11-20 09:14   14336     c:\windows\System32\DriverStore\FileRepository\wvmbus.inf_x86_neutral_fca91999602b0343\vmbuspipe.dll
+ 2011-06-21 14:13 . 2010-11-20 12:21   96768     c:\windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_x86_neutral_b961cfda3f3ba863\WUDFUsbccidDriver.dll
+ 2011-06-21 14:13 . 2010-11-20 12:30   28032     c:\windows\System32\DriverStore\FileRepository\wstorvsc.inf_x86_neutral_d7bf942e99bb1d41\storvsc.sys
+ 2011-06-21 14:13 . 2010-11-20 12:03   38400     c:\windows\System32\DriverStore\FileRepository\wstorflt.inf_x86_neutral_3db956c41708f7f5\vmstorfltres.dll
+ 2011-06-21 14:13 . 2010-11-20 12:30   40704     c:\windows\System32\DriverStore\FileRepository\wstorflt.inf_x86_neutral_3db956c41708f7f5\vmstorfl.sys
+ 2011-06-21 14:13 . 2010-11-20 12:21   66560     c:\windows\System32\DriverStore\FileRepository\wpdcomp.inf_x86_neutral_c74d9db8cbb3545c\Wpdcomp.dll
+ 2011-06-21 14:13 . 2010-11-20 12:02   42496     c:\windows\System32\DriverStore\FileRepository\wnetvsc.inf_x86_neutral_548addf09cb466fa\netvscres.dll
+ 2011-06-21 14:13 . 2010-11-20 09:14   81152     c:\windows\System32\DriverStore\FileRepository\wnetvsc.inf_x86_neutral_548addf09cb466fa\netvsc50.sys
+ 2011-06-21 14:13 . 2010-11-20 09:59   35968     c:\windows\System32\DriverStore\FileRepository\winusb.inf_x86_neutral_6cb50ae9f480775b\winusb.sys
+ 2011-06-21 14:13 . 2010-11-20 11:49   33280     c:\windows\System32\DriverStore\FileRepository\wdmvsc.inf_x86_neutral_a2cf745000e2ea92\dmvscres.dll
+ 2011-06-21 14:14 . 2010-11-20 09:14   62464     c:\windows\System32\DriverStore\FileRepository\wdmvsc.inf_x86_neutral_a2cf745000e2ea92\dmvsc.sys
+ 2011-06-21 14:13 . 2010-11-20 09:59   80768     c:\windows\System32\DriverStore\FileRepository\wdma_usb.inf_x86_neutral_a721e4f3907a2769\USBAUDIO.sys
+ 2011-04-26 21:52 . 2011-03-11 04:01   76288     c:\windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_e6d53e776821c5b8\USBSTOR.SYS
+ 2011-06-21 14:13 . 2010-11-20 10:00   76288     c:\windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_c77d41a490bdc63d\USBSTOR.SYS
+ 2009-07-13 23:51 . 2009-07-13 23:51   24064     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_f9abf85fd00186bd\usbuhci.sys
+ 2009-07-13 23:51 . 2009-07-13 23:51   20480     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_f9abf85fd00186bd\usbohci.sys
+ 2011-06-21 14:13 . 2010-11-20 09:59   42496     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_f9abf85fd00186bd\usbehci.sys
+ 2011-05-11 09:22 . 2011-03-25 02:57   24064     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbuhci.sys
+ 2011-05-11 09:22 . 2011-03-25 02:57   20480     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbohci.sys
+ 2011-05-11 09:22 . 2011-03-25 02:57   43008     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbehci.sys
+ 2009-07-13 23:51 . 2009-07-13 23:51   86016     c:\windows\System32\DriverStore\FileRepository\usbcir.inf_x86_neutral_43aeabd51df61d2c\usbcir.sys
+ 2011-06-21 14:13 . 2010-11-20 10:00   75776     c:\windows\System32\DriverStore\FileRepository\usb.inf_x86_neutral_2620fd493cad7d41\usbccgp.sys
+ 2011-05-11 09:22 . 2011-03-25 02:58   75776     c:\windows\System32\DriverStore\FileRepository\usb.inf_x86_neutral_1584ed9878602b0f\usbccgp.sys
+ 2011-06-21 14:12 . 2010-11-20 10:00   39936     c:\windows\System32\DriverStore\FileRepository\umbus.inf_x86_neutral_79120b2cb6857971\umbus.sys
+ 2011-06-21 14:13 . 2010-11-20 09:59   35968     c:\windows\System32\DriverStore\FileRepository\transfercable.inf_x86_neutral_82f4c743c8996d67\x86\winusb.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   12800     c:\windows\System32\DriverStore\FileRepository\sffdisk.inf_x86_neutral_7e5210507f8fc265\sffp_sd.sys
+ 2009-07-13 23:45 . 2009-07-13 23:45   12288     c:\windows\System32\DriverStore\FileRepository\sffdisk.inf_x86_neutral_7e5210507f8fc265\sffp_mmc.sys
+ 2009-07-13 23:45 . 2009-07-13 23:45   11264     c:\windows\System32\DriverStore\FileRepository\sffdisk.inf_x86_neutral_7e5210507f8fc265\sffdisk.sys
+ 2011-06-21 14:13 . 2010-11-20 08:54   84992     c:\windows\System32\DriverStore\FileRepository\sdbus.inf_x86_neutral_47b152eccdb186c8\sdbus.sys
+ 2011-06-21 14:13 . 2010-11-20 12:30   85376     c:\windows\System32\DriverStore\FileRepository\sbp2.inf_x86_neutral_bfc02db3bc163c19\sbp2port.sys
+ 2011-06-21 14:12 . 2010-11-20 12:20   17408     c:\windows\System32\DriverStore\FileRepository\ntprint.inf_x86_neutral_88459cb66b0e2d44\I386\PJLMON.DLL
+ 2009-07-13 23:11 . 2009-07-14 01:19   16976     c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\viaide.sys
+ 2009-07-13 23:11 . 2009-07-14 01:19   42560     c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\pciidex.sys
+ 2009-07-13 23:11 . 2009-07-14 01:20   12368     c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\pciide.sys
+ 2011-06-21 14:13 . 2010-11-20 12:30   28032     c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\msahci.sys
+ 2009-07-13 23:11 . 2009-07-14 01:20   15424     c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\intelide.sys
+ 2009-07-13 23:11 . 2009-07-14 01:26   15952     c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\cmdide.sys
+ 2009-07-13 23:11 . 2009-07-14 01:26   21584     c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
+ 2009-07-13 23:11 . 2009-07-14 01:26   14912     c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\amdide.sys
+ 2009-07-13 23:11 . 2009-07-14 01:26   14400     c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\aliide.sys
+ 2009-07-13 23:55 . 2009-07-13 23:55   18432     c:\windows\System32\DriverStore\FileRepository\modemcsa.inf_x86_neutral_0243209867cd0efc\MODEMCSA.sys
+ 2011-06-21 14:12 . 2010-11-20 09:59   27648     c:\windows\System32\DriverStore\FileRepository\mdmcpq.inf_x86_neutral_9f203c20b6f0dabd\usbser.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   11264     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\spctramc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   13312     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\sonymc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   10752     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\snyaitmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   10240     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\seaddsmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   11776     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\qlstrmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:51   13312     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\powerfil.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   10240     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\pnrmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   12288     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\plasmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   11264     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\nsmmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   12288     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\libxprmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   10240     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\jvcmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   14848     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\hpmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   13312     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\examc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   10752     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\elmsmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   11264     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\ddsmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   10240     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\breecemc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   10752     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\atlmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   10752     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\adicvls.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   11776     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\adicsc.sys
+ 2011-06-21 14:13 . 2010-11-20 12:30   53120     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\volmgr.sys
+ 2009-07-13 23:25 . 2009-07-14 01:19   53328     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\VIAAGP.SYS
+ 2009-07-13 23:46 . 2009-07-14 01:19   32832     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\vdrvroot.sys
+ 2009-07-13 23:25 . 2009-07-14 01:19   57424     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\ULIAGPKX.SYS
+ 2011-06-21 14:13 . 2010-11-20 12:30   53120     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\termdd.sys
+ 2009-07-13 23:45 . 2009-07-14 01:19   12240     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\swenum.sys
+ 2009-07-14 00:03 . 2009-07-14 01:19   22096     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\streamci.dll
+ 2009-07-13 23:25 . 2009-07-14 01:19   52304     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\SISAGP.SYS
+ 2009-07-13 23:19 . 2009-07-14 01:20   28240     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\mssmbios.sys
+ 2009-07-13 23:11 . 2009-07-14 01:20   13888     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\msisadrv.sys
+ 2009-07-13 23:19 . 2009-07-14 01:20   46656     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys
+ 2009-07-13 23:25 . 2009-07-14 01:26   53312     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AMDAGP.SYS
+ 2009-07-13 23:25 . 2009-07-14 01:26   53312     c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   28160     c:\windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\kbdhid.sys
+ 2009-07-13 23:11 . 2009-07-14 01:20   42576     c:\windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\kbdclass.sys
+ 2009-07-13 23:11 . 2009-07-13 23:11   80896     c:\windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\i8042prt.sys
+ 2009-07-13 23:46 . 2009-07-14 01:06   16384     c:\windows\System32\DriverStore\FileRepository\iscsi.inf_x86_neutral_7ad2bf0be3b9a90e\iscsilog.dll
+ 2011-06-21 14:12 . 2010-11-20 09:19   65536     c:\windows\System32\DriverStore\FileRepository\ipmidrv.inf_x86_neutral_2084908fa838c2b9\IPMIDrv.sys
+ 2011-06-21 14:12 . 2010-11-20 09:59   24064     c:\windows\System32\DriverStore\FileRepository\input.inf_x86_neutral_9e1eba5724be176f\hidusb.sys
+ 2009-07-13 23:51 . 2009-07-13 23:51   25728     c:\windows\System32\DriverStore\FileRepository\input.inf_x86_neutral_9e1eba5724be176f\hidparse.sys
+ 2011-06-21 14:13 . 2010-11-20 09:59   55808     c:\windows\System32\DriverStore\FileRepository\input.inf_x86_neutral_9e1eba5724be176f\hidclass.sys
+ 2009-07-13 22:09 . 2009-07-14 01:20   67152     c:\windows\System32\DriverStore\FileRepository\hpsamd.inf_x86_neutral_84ae149ecc9f8033\HpSAMD.sys
+ 2011-06-21 14:12 . 2010-11-20 09:50   16384     c:\windows\System32\DriverStore\FileRepository\dot4prt.inf_x86_neutral_ff48d313003e46b8\Dot4Prt.sys
+ 2011-06-21 14:13 . 2010-11-20 09:50   31232     c:\windows\System32\DriverStore\FileRepository\compositebus.inf_x86_neutral_a53ef080c39c3218\CompositeBus.sys
+ 2011-07-13 11:42 . 2011-04-28 03:15   60416     c:\windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_92c343c9dc681a74\BTHUSB.SYS
+ 2009-07-13 23:51 . 2009-07-13 23:51   34816     c:\windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_92c343c9dc681a74\bthenum.sys
+ 2011-06-21 14:13 . 2010-11-20 10:00   60416     c:\windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_2d4ce84c4a0b8470\BTHUSB.SYS
+ 2009-07-13 23:51 . 2009-07-13 23:51   34816     c:\windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_2d4ce84c4a0b8470\bthenum.sys
+ 2009-07-13 22:09 . 2009-07-14 01:14   50688     c:\windows\System32\DriverStore\FileRepository\atiilhag.inf_x86_neutral_1d882551ede2c65b\amdpcom32.dll
+ 2011-06-21 14:13 . 2010-11-20 12:29   22400     c:\windows\System32\DriverStore\FileRepository\amdsata.inf_x86_neutral_67db50590108ebd9\amdxata.sys
+ 2011-06-21 14:14 . 2010-11-20 12:29   80256     c:\windows\System32\DriverStore\FileRepository\amdsata.inf_x86_neutral_67db50590108ebd9\amdsata.sys
+ 2011-04-26 21:52 . 2011-03-11 05:38   22400     c:\windows\System32\DriverStore\FileRepository\amdsata.inf_x86_neutral_5c3d0d1e97e99e10\amdxata.sys
+ 2011-04-26 21:52 . 2011-03-11 05:38   80256     c:\windows\System32\DriverStore\FileRepository\amdsata.inf_x86_neutral_5c3d0d1e97e99e10\amdsata.sys
+ 2011-06-21 14:12 . 2010-11-20 08:47   10240     c:\windows\System32\DriverStore\FileRepository\acpipmi.inf_x86_neutral_71194ee3f26255a7\acpipmi.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19   11264     c:\windows\System32\DriverStore\FileRepository\acpi.inf_x86_neutral_a1f4891fe0de4401\wmiacpi.sys
+ 2009-07-13 23:51 . 2009-07-13 23:51   62464     c:\windows\System32\DriverStore\FileRepository\1394.inf_x86_neutral_832ec31f25d91fee\ohci1394.sys
+ 2009-07-13 23:51 . 2009-07-13 23:51   54784     c:\windows\System32\DriverStore\FileRepository\1394.inf_x86_neutral_832ec31f25d91fee\1394bus.sys
+ 2010-01-24 02:47 . 2011-12-16 15:28   16384     c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-24 02:47 . 2011-11-30 13:00   16384     c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-24 02:47 . 2011-11-30 13:00   32768     c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-24 02:47 . 2011-12-16 15:28   32768     c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-12-16 15:28   16384     c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-11-30 13:00   16384     c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-29 18:25 . 2011-12-06 15:57   16384     c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-29 18:25 . 2011-11-29 05:46   16384     c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-12-16 13:21   85704     c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-01-29 18:25 . 2011-12-06 15:57   32768     c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-29 18:25 . 2011-11-29 05:46   32768     c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-29 18:25 . 2011-11-29 05:46   16384     c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-29 18:25 . 2011-12-06 15:57   16384     c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-25 15:13 . 2011-11-29 05:46   16384     c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-25 15:13 . 2011-12-06 15:57   16384     c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-25 15:13 . 2011-11-29 05:46   16384     c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-25 15:13 . 2011-12-06 15:57   16384     c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-24 11:18 . 2011-12-14 23:06   23040     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-01-24 11:18 . 2011-11-09 23:03   23040     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-01-24 11:18 . 2011-12-14 23:06   61440     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-01-24 11:18 . 2011-11-09 23:03   61440     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-01-24 11:18 . 2011-11-09 23:03   27136     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-01-24 11:18 . 2011-12-14 23:06   27136     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-01-24 11:18 . 2011-11-09 23:03   11264     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-01-24 11:18 . 2011-12-14 23:06   11264     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-01-24 11:18 . 2011-11-09 23:03   86016     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2010-01-24 11:18 . 2011-12-14 23:06   86016     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2010-01-24 11:18 . 2011-12-14 23:06   12288     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-01-24 11:18 . 2011-11-09 23:03   12288     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-12-14 23:36 . 2011-12-14 23:36   65536     c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-12-14 23:36 . 2011-12-14 23:36   65536     c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-12-14 23:36 . 2011-12-14 23:36   65536     c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-12-14 23:36 . 2011-12-14 23:36   65536     c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-12-14 23:36 . 2011-12-14 23:36   65536     c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-12-14 23:36 . 2011-12-14 23:36   65536     c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-12-14 23:36 . 2011-12-14 23:36   65536     c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2011-12-14 01:08 . 2011-11-05 04:26   2048     c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.21855_none_17ae219281114d21\tzres.dll
+ 2011-12-14 01:08 . 2011-11-05 04:26   2048     c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.17720_none_173ff31967dfdad1\tzres.dll
+ 2011-12-14 01:08 . 2011-11-05 04:29   2048     c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.21085_none_15a72b0484036b23\tzres.dll
+ 2011-12-14 01:08 . 2011-11-05 04:30   2048     c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.16912_none_156666936aaf85a2\tzres.dll
- 2010-06-23 20:39 . 2011-11-19 14:21   3680     c:\windows\System32\wdi\ERCQueuedResolutions.dat
+ 2010-06-23 20:39 . 2011-12-05 14:23   3680     c:\windows\System32\wdi\ERCQueuedResolutions.dat
+ 2011-06-21 14:12 . 2010-11-20 09:14   5632     c:\windows\System32\DriverStore\FileRepository\ws3cap.inf_x86_neutral_dac7c9faa4fc2a78\vms3cap.sys
+ 2009-07-13 23:51 . 2009-07-13 23:51   5888     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_f9abf85fd00186bd\usbd.sys
+ 2011-05-11 09:22 . 2011-03-25 02:57   5888     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbd.sys
+ 2009-07-13 23:51 . 2009-07-14 01:15   7680     c:\windows\System32\DriverStore\FileRepository\usbcir.inf_x86_neutral_43aeabd51df61d2c\CIRCoInst.dll
+ 2011-06-21 14:12 . 2010-11-20 09:50   9728     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\qntmmc.sys
+ 2011-06-21 14:12 . 2010-11-20 09:51   9216     c:\windows\System32\DriverStore\FileRepository\mchgr.inf_x86_neutral_185970e67258389c\m4mc.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19   7168     c:\windows\System32\DriverStore\FileRepository\acpi.inf_x86_neutral_a1f4891fe0de4401\errdev.sys
+ 2011-12-14 23:32 . 2011-12-16 15:28   2048     c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-29 05:43 . 2011-11-29 05:43   2048     c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-14 23:32 . 2011-12-16 15:28   2048     c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-29 05:43 . 2011-11-29 05:43   2048     c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-01-24 11:18 . 2011-11-09 23:03   4096     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-01-24 11:18 . 2011-12-14 23:06   4096     c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-12-14 01:08 . 2011-10-15 07:17   534528     c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.1.7601.21840_none_e2e4b00705e2426c\EncDec.dll
+ 2011-12-14 01:08 . 2011-10-15 05:38   534528     c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.1.7601.17708_none_e28e553bec9cfd96\EncDec.dll
+ 2011-12-14 01:08 . 2011-10-15 05:33   534528     c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.1.7600.21070_none_e0ddb97908d4606e\EncDec.dll
+ 2011-12-14 01:08 . 2011-10-15 05:48   534528     c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.1.7600.16899_none_e047a74defbea953\EncDec.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   420864     c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_9.4.8112.16421_none_60d9a60d482d54be\vbscript.dll
+ 2011-12-14 23:06 . 2011-11-03 23:03   716800     c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.20544_none_9bd689262a95cc33\jscript.dll
+ 2011-12-14 23:06 . 2011-11-03 22:34   716800     c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.16440_none_9b48eb33117bc70d\jscript.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   716800     c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.16437_none_9b5abd25116d5c7d\jscript.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   161792     c:\windows\winsxs\x86_microsoft-windows-msls31_31bf3856ad364e35_9.4.8112.16421_none_e47f7674bcba0f60\msls31.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   104448     c:\windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_9.4.8112.16421_none_5377da1a18fb28e4\jsdebuggeride.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   466432     c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_9.4.8112.16421_none_011b7bdcabe8aef6\ieinstal.exe
+ 2011-12-14 23:06 . 2011-11-03 22:58   176640     c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20544_none_7d990d2ee1907e6f\ieui.dll
+ 2011-12-14 23:06 . 2011-11-03 22:28   176640     c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16440_none_7d0b6f3bc8767949\ieui.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   176640     c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16437_none_7d1d412dc8680eb9\ieui.dll
+ 2011-12-14 23:06 . 2011-11-03 23:06   231936     c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_9.4.8112.20544_none_092171d5913bd5b6\url.dll
+ 2011-12-14 23:06 . 2011-11-03 22:38   231936     c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_9.4.8112.16440_none_0893d3e27821d090\url.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   231936     c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_9.4.8112.16437_none_08a5a5d478136600\url.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   766976     c:\windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_9.4.8112.16421_none_05b6b429030148f7\VGX.dll
+ 2011-12-14 23:06 . 2011-11-03 23:37   141112     c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.20544_none_609a4ae8bff5a569\sqmapi.dll
+ 2011-12-14 23:06 . 2011-11-03 23:16   141112     c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16440_none_600cacf5a6dba043\sqmapi.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   141088     c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16437_none_601e7ee7a6cd35b3\sqmapi.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   162304     c:\windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_9.4.8112.16421_none_e011e11277018c3c\msrating.dll
+ 2009-06-10 21:14 . 2009-06-10 21:14   355832     c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_9.4.8112.16421_none_05f58d6b02d23b61\pdm.dll
+ 2009-07-13 21:59 . 2009-06-10 21:14   265720     c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_9.4.8112.16421_none_05f58d6b02d23b61\msdbg2.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   203776     c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_9.4.8112.16421_none_79ab85b66bffe20a\webcheck.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   123392     c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_9.4.8112.16421_none_4fa60aea2e696726\occache.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   301056     c:\windows\winsxs\x86_microsoft-windows-ie-networkinspection_31bf3856ad364e35_9.4.8112.16421_none_8d7c2d276e46f322\networkinspection.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   149504     c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_9.4.8112.16421_none_0b7e9c65e8794902\jsprofilerui.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   386560     c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.4.8112.16421_none_d2ebf19be7eb8e44\jsdbgui.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   142848     c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.16421_none_47e1a2c73444d23e\ieUnatt.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   152064     c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_9.4.8112.16421_none_7cfb7f9f58f84355\wextract.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   150528     c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_9.4.8112.16421_none_7cfb7f9f58f84355\iexpress.exe
+ 2011-12-14 23:06 . 2011-11-03 23:05   194048     c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.4.8112.20544_none_6083d084cdaa77f9\IEShims.dll
+ 2011-12-14 23:06 . 2011-11-03 22:37   194048     c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.4.8112.16440_none_5ff63291b49072d3\IEShims.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   194048     c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.4.8112.16437_none_60080483b4820843\IEShims.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   193536     c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.4.8112.16421_none_a8ae871d64d6edda\ieproxy.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   222720     c:\windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_9.4.8112.16421_none_1ef5aee48b810ba0\ielowutil.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   307200     c:\windows\winsxs\x86_microsoft-windows-ie-iediag_31bf3856ad364e35_9.4.8112.16421_none_2f5fcfbaab97b79b\iediagcmd.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   107008     c:\windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_9.4.8112.16421_none_d665f7f6aed43c56\iecleanup.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   110592     c:\windows\winsxs\x86_microsoft-windows-ie-ieadvpack_31bf3856ad364e35_9.4.8112.16421_none_e771ed32e8d4ec48\IEAdvpack.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   580608     c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_9.4.8112.16421_none_78662d0a54bcb613\msfeeds.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   223232     c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_b045f1cd9bea63dc\dxtrans.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   353792     c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_9.4.8112.16421_none_b045f1cd9bea63dc\dxtmsft.dll
+ 2011-12-14 23:06 . 2011-11-03 23:09   678912     c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.4.8112.20544_none_549bad5f7347d34d\iedvtool.dll
+ 2011-12-14 23:06 . 2011-11-03 22:42   678912     c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.4.8112.16440_none_540e0f6c5a2dce27\iedvtool.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   678912     c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.4.8112.16437_none_541fe15e5a1f6397\iedvtool.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   118784     c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_9.4.8112.16421_none_5543276d0c542bbd\iepeers.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   434176     c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_9.4.8112.16421_none_1411b9158604ddae\ieapfltr.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   163840     c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_9.4.8112.16421_none_c6b1c48b210c3b01\ieakui.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   227840     c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_9.4.8112.16421_none_c6b1c48b210c3b01\ieaksie.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   101888     c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_9.4.8112.16421_none_c6b1c48b210c3b01\admparse.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   130560     c:\windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_9.4.8112.16421_none_bc95d8ede279e757\ieakeng.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   353584     c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_9.4.8112.16421_none_8cd00f3771c38422\iedkcs32.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   748336     c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   152064     c:\windows\System32\wextract.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   203776     c:\windows\System32\webcheck.dll
+ 2010-01-29 14:59 . 2011-12-07 06:24   403226     c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-12-07 11:58 . 2011-12-07 11:58   420864     c:\windows\System32\vbscript.dll
+ 2011-12-14 23:06 . 2011-11-03 22:38   231936     c:\windows\System32\url.dll
- 2011-11-12 12:19 . 2011-11-12 12:17   253952     c:\windows\System32\SPReview\spwizui.dll
+ 2011-12-08 05:44 . 2011-12-08 05:42   253952     c:\windows\System32\SPReview\spwizui.dll
+ 2011-12-08 05:44 . 2011-12-08 05:42   280576     c:\windows\System32\SPReview\spreview.exe
- 2011-11-12 12:19 . 2011-11-12 12:17   280576     c:\windows\System32\SPReview\spreview.exe
+ 2011-12-08 05:44 . 2011-12-08 05:42   190464     c:\windows\System32\SPReview\sperror.dll
- 2011-11-12 12:19 . 2011-11-12 12:17   190464     c:\windows\System32\SPReview\sperror.dll
- 2009-07-14 02:05 . 2011-11-30 11:28   624178     c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-12-15 20:47   624178     c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-12-15 20:47   106522     c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2011-11-30 11:28   106522     c:\windows\System32\perfc009.dat
+ 2011-12-07 11:58 . 2011-12-07 11:58   123392     c:\windows\System32\occache.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   162304     c:\windows\System32\msrating.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   161792     c:\windows\System32\msls31.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   580608     c:\windows\System32\msfeeds.dll
+ 2011-12-04 11:56 . 2011-12-04 11:56   247968     c:\windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-04 11:56 . 2011-12-04 11:56   335520     c:\windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2011-12-14 23:06 . 2011-11-03 22:34   716800     c:\windows\System32\jscript.dll
- 2011-04-15 00:13 . 2011-02-18 05:35   716800     c:\windows\System32\jscript.dll
+ 2011-12-04 18:38 . 2011-12-04 18:38   157472     c:\windows\System32\javaws.exe
- 2011-07-14 12:24 . 2011-05-04 00:52   157472     c:\windows\System32\javaws.exe
- 2011-07-14 12:24 . 2011-05-04 00:52   145184     c:\windows\System32\javaw.exe
+ 2011-12-04 18:38 . 2011-12-04 18:38   145184     c:\windows\System32\javaw.exe
- 2011-07-14 12:24 . 2011-05-04 00:52   145184     c:\windows\System32\java.exe
+ 2011-12-04 18:38 . 2011-12-04 18:38   145184     c:\windows\System32\java.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   150528     c:\windows\System32\iexpress.exe
+ 2011-12-07 11:58 . 2011-12-07 11:58   142848     c:\windows\System32\ieUnatt.exe
- 2011-10-12 07:28 . 2011-08-20 04:35   176640     c:\windows\System32\ieui.dll
+ 2011-12-14 23:06 . 2011-11-03 22:28   176640     c:\windows\System32\ieui.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   118784     c:\windows\System32\iepeers.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   353584     c:\windows\System32\iedkcs32.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   434176     c:\windows\System32\ieapfltr.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   163840     c:\windows\System32\ieakui.dll
- 2009-07-13 23:42 . 2009-07-14 01:05   163840     c:\windows\System32\ieakui.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   227840     c:\windows\System32\ieaksie.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   130560     c:\windows\System32\ieakeng.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   110592     c:\windows\System32\IEAdvpack.dll
+ 2009-07-14 04:33 . 2011-12-14 23:32   591552     c:\windows\System32\FNTCACHE.DAT
- 2009-07-14 04:33 . 2011-11-09 23:29   591552     c:\windows\System32\FNTCACHE.DAT
+ 2011-12-07 11:58 . 2011-12-07 11:58   223232     c:\windows\System32\dxtrans.dll
+ 2011-12-07 11:58 . 2011-12-07 11:58   353792     c:\windows\System32\dxtmsft.dll
- 2009-07-14 04:50 . 2011-11-29 19:59   143360     c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2011-12-08 22:59   143360     c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2011-12-08 22:59   143360     c:\windows\System32\DriverStore\infstor.dat
- 2009-07-14 04:50 . 2011-11-29 19:59   143360     c:\windows\System32\DriverStore\infstor.dat
+ 2011-06-21 14:13 . 2010-11-20 09:14   215552     c:\windows\System32\DriverStore\FileRepository\wvmic.inf_x86_neutral_b94eb92e8150fa35\vmicsvc.exe
+ 2011-06-21 14:12 . 2010-11-20 09:14   113664     c:\windows\System32\DriverStore\FileRepository\wvmic.inf_x86_neutral_b94eb92e8150fa35\IcCoinstall.dll
+ 2011-06-21 14:12 . 2010-11-20 09:14   116224     c:\windows\System32\DriverStore\FileRepository\wvmbus.inf_x86_neutral_fca91999602b0343\VmbusCoinstaller.dll
+ 2011-06-21 14:13 . 2010-11-20 12:30   175360     c:\windows\System32\DriverStore\FileRepository\wvmbus.inf_x86_neutral_fca91999602b0343\vmbus.sys
+ 2011-06-21 14:12 . 2010-11-20 09:14   113664     c:\windows\System32\DriverStore\FileRepository\wstorflt.inf_x86_neutral_3db956c41708f7f5\VmdCoinstall.dll
+ 2011-06-21 14:13 . 2010-11-20 09:14   126464     c:\windows\System32\DriverStore\FileRepository\wnetvsc.inf_x86_neutral_548addf09cb466fa\netvsc60.sys
+ 2011-06-21 14:14 . 2010-11-20 12:30   245632     c:\windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
+ 2011-06-21 14:13 . 2010-11-20 12:30   160128     c:\windows\System32\DriverStore\FileRepository\vhdmp.inf_x86_neutral_efa659e9a38d5b8c\vhdmp.sys
+ 2011-06-21 14:13 . 2010-11-20 10:00   146432     c:\windows\System32\DriverStore\FileRepository\usbvideo.inf_x86_neutral_8fe3504355514e0c\usbvideo.sys
+ 2011-06-21 14:13 . 2010-11-20 10:00   284672     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_f9abf85fd00186bd\usbport.sys
+ 2011-06-21 14:13 . 2010-11-20 10:01   258560     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_f9abf85fd00186bd\usbhub.sys
+ 2011-05-11 09:22 . 2011-03-25 02:58   284672     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbport.sys
+ 2011-05-11 09:22 . 2011-03-25 02:58   258560     c:\windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_18e46bb8fd6f032e\usbhub.sys
+ 2011-06-21 14:13 . 2010-11-20 10:01   258560     c:\windows\System32\DriverStore\FileRepository\usb.inf_x86_neutral_2620fd493cad7d41\usbhub.sys
+ 2011-05-11 09:22 . 2011-03-25 02:58   258560     c:\windows\System32\DriverStore\FileRepository\usb.inf_x86_neutral_1584ed9878602b0f\usbhub.sys
+ 2011-06-21 14:14 . 2010-11-20 12:21   153600     c:\windows\System32\DriverStore\FileRepository\tsprint.inf_x86_neutral_c48d421ad2c1e3e3\i386\tsprint.dll
+ 2011-06-21 14:13 . 2010-11-20 12:19   133120     c:\windows\System32\DriverStore\FileRepository\prnms002.inf_x86_neutral_baa1493e6380688b\I386\FXSWZRD.DLL
+ 2011-06-21 14:13 . 2010-11-20 12:19   135680     c:\windows\System32\DriverStore\FileRepository\prnms002.inf_x86_neutral_baa1493e6380688b\I386\FXSUI.DLL
+ 2011-06-21 14:13 . 2010-11-20 12:19   430080     c:\windows\System32\DriverStore\FileRepository\prnms002.inf_x86_neutral_baa1493e6380688b\I386\FXSTIFF.DLL
+ 2011-06-21 14:13 . 2010-11-20 12:19   385024     c:\windows\System32\DriverStore\FileRepository\prnms002.inf_x86_neutral_baa1493e6380688b\I386\FXSDRV.DLL
+ 2011-06-21 14:13 . 2010-11-20 12:19   227328     c:\windows\System32\DriverStore\FileRepository\prnms002.inf_x86_neutral_baa1493e6380688b\I386\FXSAPI.DLL
+ 2011-06-21 14:14 . 2010-11-20 12:30   143744     c:\windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
+ 2011-06-21 14:14 . 2010-11-20 12:30   117120     c:\windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
+ 2011-04-26 21:52 . 2011-03-11 05:39   143744     c:\windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
+ 2011-04-26 21:52 . 2011-03-11 05:39   117120     c:\windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvraid.sys
+ 2011-06-21 14:13 . 2010-11-20 12:21   930816     c:\windows\System32\DriverStore\FileRepository\ntprint.inf_x86_neutral_88459cb66b0e2d44\I386\XPSSVCS.DLL
+ 2011-06-21 14:13 . 2010-11-20 12:03   762368     c:\windows\System32\DriverStore\FileRepository\ntprint.inf_x86_neutral_88459cb66b0e2d44\I386\UNIRES.DLL
+ 2011-06-21 14:13 . 2010-11-20 12:20   747520     c:\windows\System32\DriverStore\FileRepository\ntprint.inf_x86_neutral_88459cb66b0e2d44\I386\UNIDRVUI.DLL
+ 2011-06-21 14:13 . 2010-11-20 12:21   375296     c:\windows\System32\DriverStore\FileRepository\ntprint.inf_x86_neutral_88459cb66b0e2d44\I386\UNIDRV.DLL
+ 2011-06-21 14:13 . 2010-11-20 12:20   542720     c:\windows\System32\DriverStore\FileRepository\ntprint.inf_x86_neutral_88459cb66b0e2d44\I386\PSCRIPT5.DLL
+ 2011-06-21 14:13 . 2010-11-20 12:20   726016     c:\windows\System32\DriverStore\FileRepository\ntprint.inf_x86_neutral_88459cb66b0e2d44\I386\PS5UI.DLL
+ 2009-07-14 00:55 . 2009-07-14 00:55   207872     c:\windows\System32\DriverStore\FileRepository\ntprint.inf_x86_neutral_88459cb66b0e2d44\I386\PCLXL.DLL
+ 2011-06-21 14:12 . 2010-11-20 12:02   292352     c:\windows\System32\DriverStore\FileRepository\ntprint.inf_x86_neutral_88459cb66b0e2d44\I386\PCL4RES.DLL
+ 2011-06-21 14:13 . 2010-11-20 12:20   781824     c:\windows\System32\DriverStore\FileRepository\ntprint.inf_x86_neutral_88459cb66b0e2d44\I386\MXDWDRV.DLL
+ 2011-06-21 14:13 . 2010-11-20 12:29   132992     c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\ataport.sys
+ 2011-06-21 14:13 . 2010-11-20 12:30   116096

Title: Very Slow Laptop
Post by: guestolo on December 16, 2011, 11:55:24 PM

Can you do the following please
Temporarily disable AVG's protections again so it won't interfere with this next scanner

Using Firefox, download and save to your desktop
[color="#0000FF"] ESET Online Scanner[/color] (http://"http://www.eset.com/onlinescan/")[/url]

Click on the Button "Run Eset Online Scanner"
A new window will open, Download and save to your desktop
esetsmartinstaller_enu.exe

Right click on 'esetsmartinstaller_enu.exe' and choose to "Run as Administrator"
Put a tick in "Yes, I accept the Terms of Use" then click START

Eset will download components
When done click START again

Downloading of Virus signature database will begin
Depending on your connection speed, this can take awhile
When complete the scan will start
This scan can take some time, so be patient

Once the scan is completed, you may close the window

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic